Trend Micro researchers have unearthed yet another malware threat hiding among the vast number of applications that Android users can download from the Google Play Store, one that jeopardizes the security of their data.
This time it involves a set of apps, downloaded a combined 470,000 times, that masquerade as tools designed to optimize the performance of the smartphone. Instead, unbeknownst to the user, these applications connect to servers and download numerous pieces of Android malware, compromising the performance of the device.
Once installed, these apps are able to access users’ Facebook and Google accounts to perform advertising fraud, activate specific Android permissions, disable the Google Play Protect malware scanner and publish false reviews.
According to Trend Micro, this campaign is mainly active in Japan, the United States, Thailand, Taiwan and India. These are the identified apps (name and package):
- Shoot Clean-Junk Cleaner, Phone Booster, CPU Cooler → com.boost.cpu.shootcleaner
- Super Clean Lite- Booster, Clean & CPU Cooler → com.boost.superclean.cpucool.lite
- Super Clean-Phone Booster, Junk Cleaner & CPU Cooler → com.booster.supercleaner
- Quick Games-H5 Game Center → com.h5games.center.quickgames
- Rocket Cleaner → com.party.rocketcleaner
- Rocket Cleaner Lite → com.party.rocketcleaner.lite
- Speed Clean-Phone Booster, Junk Cleaner & App Manager → com.party.speedclean
- LinkWorldVPN → com.linkworld.fast.free.vpn
- H5 gamebox → com.games.h5gamebox
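A way to check a device against the package names listed above, as an added example that is not code from Trend Micro or from the original article. It assumes the input is the text printed by `adb shell pm list packages` (optionally with `-f`); the sample output is constructed, and matching is on the full package name so that `com.party.rocketcleaner` and `com.party.rocketcleaner.lite` are not confused with each other or with unrelated apps sharing a prefix.

```python
"""Check a device's installed-package list against the package names listed above."""

# Package names exactly as listed in the article.
FLAGGED = {
    "com.boost.cpu.shootcleaner",
    "com.boost.superclean.cpucool.lite",
    "com.booster.supercleaner",
    "com.h5games.center.quickgames",
    "com.party.rocketcleaner",
    "com.party.rocketcleaner.lite",
    "com.party.speedclean",
    "com.linkworld.fast.free.vpn",
    "com.games.h5gamebox",
}


def parse_pm_list(output):
    """Extract package names from `pm list packages` output (with or without -f)."""
    names = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip adb banners, warnings and blank lines
        entry = line[len("package:"):]
        # With -f the entry is "<apk path>=<package>". The path may contain '=',
        # a package name cannot, so split on the last '='.
        names.append(entry.rsplit("=", 1)[-1])
    return names


def find_flagged(output):
    """Return flagged packages present on the device, matched on the full name."""
    return sorted(set(parse_pm_list(output)) & FLAGGED)


# Constructed sample output (mixes both formats), not taken from a real device.
SAMPLE = """\
package:com.android.chrome
package:/data/app/~~Qx1==/com.party.rocketcleaner.lite-aB3==/base.apk=com.party.rocketcleaner.lite
package:com.party.speedclean.pro
package:com.games.h5gamebox
"""

if __name__ == "__main__":
    for name in find_flagged(SAMPLE):
        print("flagged package installed:", name)
```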
A second malware campaign uses Anubis
Another campaign targeting Android users has been announced. To infect devices it uses Anubis, one of the most dangerous malware families of recent times. According to researchers at Cofense, this campaign uses emails with an APK file as an attachment, which appears to request only harmless permissions during installation.
Instead, if the user gives the OK, this APK file disables Google Play Protect and obtains 19 permissions, taking control of the device. It can then do various things, such as capturing screenshots, enabling system settings, opening URLs, recording audio, making calls, sending or deleting SMS messages, locking the device, searching for files and finding the device's GPS position.
In addition, Anubis checks infected devices to see whether any of more than 250 different banking and commercial apps are installed, and when one of them is opened, the malware steals the account password. The advice for avoiding these campaigns is always the same: avoid installing applications from outside the Play Store.