Cybersecurity researchers from Dr.Web discovered a handful of Android apps that were pushing ads and stealthily subscribing people to premium services.
The reserachers reported that these trojan apps, all found on Google’s official Play Store app repository, were cumulatively installed roughly two million times.
The apps were pretending to be games, messengers, and wallpaper apps, among others, and were mostly distributing three known malware families – FakeApp, Joker, and HiddenAds.
A million downloads
Upon installing one of these apps, they would immediately change their icon on the device, to something the user would reluctantly remove, such as the Chrome browser. In some cases, the researchers added, the trojans would simply remove their icons altogether, to seem as if there is an empty space in the app drawer.
The apps would then launch in the background, and deliver ads to the victim via their browser. That way, they would generate significant profits for the developers. The ads included things like casino websites, fake investments, and similar – all of which are in violation of Google’s policies.
The biggest trojan that managed to move past Google’s defenses and into the Play Store is Super Skibydi Killer, a game app with a million downloads. Other notable mentions include Agent Shooter (500,000 downloads), Rubber Punch 3D (500,000 downloads), and Rainbow Stretch (50,000 downloads).
There are also apps that subscribe the victim to premium services without their knowledge, including Love Emoji Messenger (Korsinka Vimoipan) with 50,000 downloads, and Beauty Wallpaper HD (fm0989184) with 1,000 downloads.
While Google removed all of the apps from the Play Store before this article was published, that only protects future potential victims. Those that have already downloaded the apps can only be safe if they remove them from their endpoints. If you suspect your device was compromised, besides the abovementioned apps, look for these:
Eternal Maze (Yana Pospyelova)
Jungle Jewels (Vaibhav Wable)
Stellar Secrets (Pepperstocks)
Fire Fruits (Sandr Sevill)
Cowboy’s Frontier (Precipice Game Studios)
Enchanted Elixir (Acomadyi)
Via BleepingComputer