Android malware disguises itself as a settings app

Bitdefender’s security researchers have just discovered 35 Android apps on the Play Store that contain particularly malicious malware that hides in the settings to avoid detection. Intelligent and efficient!

Be careful with the applications you download on your Android smartphone! Although Google has many tools to remove infected applications from its Play Store, hackers are constantly developing new strategies to bypass them. BitDefender’s cybersecurity specialists recently discovered 35 infected applications in the Google Store, accounting for around 2 million downloads combined – and as many potential victims. The purpose of these apps is to flood you with advertisements without your knowledge. Intrusive ads that abuse WebView – a software component that allows Android apps to display web content. While ads may not seem dangerous, they can quickly become very annoying – so try surfing the web with an ad page that opens every 30 seconds… – and can even be linked directly to malware – and therefore can lead to more sneaky malware , which can siphon off your personal and banking information. Even worse, these rogue apps use a number of clever and sophisticated techniques that make them virtually undetectable.

Almost undetectable malware

As Bitdefender explains, these applications have multiple malicious methods to hide themselves. Thanks to Google’s legit APIs, these developers found a way to fool users completely. Therefore, infected applications mask their presence to avoid being uninstalled and most change their name and logo to pretend to be the most legitimate and innocent applications. For example, the GPS Location Maps application – which has already accumulated more than 100,000 downloads despite the lack of user reviews… – apparently turns into a settings application and deletes the original. Opening it, by pressing the icon of course, will take you to the actual settings of Android and your phone. Meanwhile, the infected app runs in the background and displays websites and advertisements. Some go so far as to ask permission to appear in other applications in order to silently generate profits by simulating clicks.

© Google Play Store

To avoid detection, these rogue apps make sure they don’t appear in the recent apps list on Android – which could possibly arouse your suspicions. However, dodging the user’s vigilance is one thing, overriding the Play Store’s defenses is another. To do this, hackers first put a so-called legitimate version – i.e. without malware – online before they smuggle in malicious code via an update. In addition, the hackers hide the Java core code in two encrypted DEX files – a format that allows executable files to be stored on Android devices. In short, professional work that manages to cross Google’s barriers.

35 new infected apps detected in Play Store

Here is the list of infected applications detected by Bitdefender, some of which are still present in the Play Store.

  • Animated Sticker Master
  • Art Filter – Deep photo effect
  • Art Girl Wallpaper HD
  • Big Emoji – Keyboard
  • cat simulator
  • Colorize old photo
  • Colorize photos
  • Create stickers for whatsapp
  • EffectMania – Photo editor
  • Engine Wallpapers – Live & 3D
  • Fast emoji keyboard
  • Girl Art Wallpaper
  • GPS location finder
  • GPS location maps
  • Grad Backgrounds – 3D Backgrounds
  • Image warp camera
  • Keyboard – Funny Emoji, Stickers
  • Led Theme – Colorful Keyboard
  • Math Solver – camera helper
  • Media volume slider
  • My GPS location
  • Personal loading show
  • Phi 4K Wallpapers – Anime HD
  • Photopix Effects – Art Filters
  • QR Creator
  • Secret Astrology
  • Secret Horoscope
  • sleep noises
  • Smart GPS rental
  • Smart QR creator
  • Smart QR scanner
  • intelligent wifi
  • Stock Wallpapers – 4K & HD
  • volume control
  • Walls Light – Wallpaper Pack
One of the corrupted apps © Google Play Store

Poisoned apps: signs that should warn

Bitdefender specialists found that all malicious app developers usually offer only one app in the store. Furthermore, the email addresses and websites associated with the developers look the same, making them believe that all these apps are the work of a single group or even a developer. Another alarm signal: the lack of user reviews despite many downloads – at the same time, how to rate an application that does not appear on the smartphone? That’s why you have to keep in mind that just because you download an app from the official Google Store, it doesn’t mean it’s safe.

Therefore, some precautions should be taken. Don’t install apps you don’t really need and don’t forget to delete the ones you no longer use. If an app asks for special permissions that it theoretically doesn’t need – a sticker app doesn’t need your geolocation – be careful right away. Finally, it’s better to have an antivirus running in the background to double check that malicious behavior isn’t at work in the shadows…

#Android #malware #disguises #settings #app

Leave a Comment

Your email address will not be published.