Analysts Find Another Malicious App on Google Play Store That Spreads Malware

Where do you get your apps from? Ideally, you get them from a reputable source, such as the Google Play Store. Unfortunately, the name of this online app market continues to flash in the headlines as new malicious and unwanted apps are being discovered on it basically every month. In fact, it was reported that Google removed over 700,000 apps in 2017, which was a 70% increase compared to the previous year. These are shocking numbers. Of course, not all apps are equally as malicious. Some of them may record relatively insignificant amounts of personal information (which is still intrusive), but there are apps that can drop malware, listen in on phone calls, hijack the device, steal passwords, and do all kinds of other undesirable things. Whether you own 10 or 100 Google Play apps, you could be at risk.

In this report, we focus on a malicious app called Flappy Birr Dog, but we also provide tips on how to spot malicious apps on Google Play in general. If you are interested, please continue reading.

What is Flappy Birr Dog and MobSTSPY?

If the first thing that comes to mind is Flappy Bird – a famous game that, at its peak, was downloaded 50 million times and generated a daily revenue of $50,000 – you are not wrong at all. Flappy Birr Dog was created with an intention of attracting users who may have been familiar with Flappy Bird already.

This application was one of the many that were created to distribute MobSTSPY malware. It is believed that the apps were uploaded onto the platform without a malicious code because Google Play apps are thoroughly reviewed and have to pass certain security standards. The users who downloaded these apps 100,000 times, most likely, downloaded them malware-free also. Unfortunately, at some point, malicious code was injected for the purpose of distributing MobSTSPY. Besides Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, and Win7Launcher were the other Google Play apps that were used for the distribution of this malware.

According to malware analysts and Trend Micro, MobSTSPY is set up to discover the phone user's location, read SMS messages, log calls, and even record clipboard items. All information is sent to a remote C&C server silently. Basically, this malware acts as spyware. The analysts also discovered that the threat could perform phishing attacks to gather credentials. For example, it can display bogus Facebook or Google login screens to log usernames and passwords. At the time of analysis, the spyware was mainly spread in India, but it also affected users in Russia, Pakistan, and Bangladesh among 196 countries in total.

Unfortunately, Google Play apps distributing MobSTSPY might have put unsuspecting users at serious risks. Their virtual identities could have been stolen, and personal information could have been leaked to third parties, who might include scammers, unreliable advertisers, and malware distributors. Although the malicious apps mentioned above – including Flappy Birr Dog – have been removed already, it is impossible to say if new Google Play apps will not be uploaded to spread the same spyware.

This isn’t the first or the last time malicious Google Play apps are discovered

New suspicious, questionable, unwanted, or malicious Google Play apps are discovered frequently. Most recently, it was reported by ZDNet that 85 adware apps on Google Play were installed over 9 million times. One specific app, called Easy Universal TV Remote, was downloaded 5 million times alone. At the end of last year, 22 Google Play apps with a malicious backdoor were, reportedly, downloaded over 2 million times. These apps were automatically clicking on malicious ads without the user's permission. The only good news is that they were removed from the store as well.

In November, another 13 Google Play apps were deleted from the platform because they could have been used to download malware. It was recorded that these apps could have been downloaded 560,000 times. A similar amount of malicious apps were deleted in March of 2018 when Google discovered 7 apps capable of displaying ads and notifications with ad links. Although it might seem as if these kinds of apps are more annoying than anything else, ads can route you to malware websites, and they can be used to expose you to phishing notifications. Ultimately, Google is not removing apps randomly. If they are removed, that means that they are not meeting the security standards, and that is a big deal.

How to spot malicious apps on Google Play

It is crucial that you learn how to spot malicious apps on Google Play because that is your best chance of avoiding malicious Google Play apps in the first place. Even if you use antivirus software to protect your device – which you absolutely should do – it might not protect you against apps that, for example, do not have malicious code injected upon installation. As we discussed already, such code can be injected later on to bypass security controls and antivirus software.

These are the things you need to look at if you want to spot malicious apps on Google Play:

  • Reviews
  • Ratings
  • Descriptions
  • Author
  • Permissions
  • Updates

Even if an app has a 5/5 rating, and the reviews are mostly positive, you need to be cautious because these things can be forged, and that is not that hard to do as well. It is most important that you take the name of the app and the author and do a little bit of research. If you cannot find any incriminating data, you might think that the chosen Google Play app is harmless, but keep in mind that finding no information at all is not a good sign either.

Pay close attention to the permissions you are granting the Google Play apps you install. For example, if a photo editing app wants to access your phone calls, contacts, geographical location, and other data that is unrelated to photo-editing services, you need to be worried. Finally, it is also important that you install trustworthy security software to protect your device and ensure that you cannot be tricked into installing malicious apps in the future. Also, keep in mind that while Google Play Store is continuously being found to represent malicious apps, malware, and spyware, it is still the most reputable source for Android apps.

By Foley
January 10, 2019
Android Malware
English
January 10, 2019
Android Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Facebook's Privacy App No Longer Available on Apple's App Store Because It Collects Too Much Data

In all likelihood, the word 'privacy' isn't the first thing that comes to your mind when you think about Facebook. Believe it or not, however, for the last five years or so, the social network has been pushing a... Read more

August 28, 2018
Android Malware

At Least 145 Google Play Apps Could Install Keyloggers to Steal Passwords

Sometimes a malicious program could hide in plain sight for a very long time before it gets taken care of. Having that in mind, we would like to talk about how Google had to remove 145 apps from Google Play because... Read more

September 6, 2018
How To

How to Backup Google Authenticator from One Android Phone to Another

As we've mentioned before, Two-Factor Authentication (2FA) is a must-have for all Google users. If you've not used 2FA, be aware that you're putting your Google account is at risk of being breached by hackers. In case... Read more

November 9, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.