Researchers have detected many of malicious apps on the official Google Play Store. According to them, at least seven of the detected apps are versions of malware identified as Android.Reputation.1 which were removed.
We witness that the creators of Android malware came back with slightly modified app code, new names and published them as new programmers. Emoji keyboards, app cleaners and app lockers, call recorders and calculators were the primary detected malicious apps. Like your basic Android Viruses, this aims to get admin privileges of the phone.
Programmers mimicked Google Play screen in order to trick users into activating administrator rights.
Another hidden feature of these variants of Android.Reputation.1 uses legitimate Google apps’ icons and “running apps icon” in the system settings. Therefore, users might be unable to recognize malicious app without security software. Another version of the Android.Reputation.1 malware is more sneaky and can hide better on the device. There are at least 38 games and education apps on Google Play Store that delete icons from the home screen after installation. These malware work in the background and hard to detect. The “change my voice” adware is often associate with these apps. The app created by TopTech floods the device with lots of ads.
The main purpose of the spyware is to collect various information from Android users, such as:
- affected device location;
- record sounds;
- device’s clipboard;
- phone number;
- installed app lists;
- account information.
Researchers report a new wave of spyware which is active since March 2018. There is also a malicious game on Twitter. As soon as people click on a link, they are redirected to the website that promoted a game called “Virtual Girlfriend.” If users proceed with the instructions on the screen, they download data-stealing malware on the device.
We want to remind readers to be very careful with games that are promoted in such shady way.
Image via geekviews