Malicious apps with malware detected on Google Play Store

Researchers at AppCensus have discovered 11 Android apps in the Google Play Store that can garner certain critical data from their users. These applications were found copying data such as GPS location, email addresses, and phone numbers associated with the device. 

AppCensus has claimed these malicious apps have already been downloaded 60 million times so far. The malicious apps include speed camera radar, Al-Moazin Lite (Prayer Times), Wi-Fi Mouse (PC Remote Control), QR & Barcode Scanner (Developed by AppSource Hub), Qibla Compass – Ramadan 2022, Simple weather and clock widget (Developed by Difer) etc. 

An unknown and mysterious firm from Panama has allegedly made some underhand dealings worth $2.1 million with Android app developers to bring in a “Software Development Kit “ (SDK) on apps that can pilfer sensitive data from users’ phones, the cyber security solution provider said. 

“Whenever a user copy/pastes something, it goes to a shared clipboard, which this SDK was scouring and uploading to its servers,” reveals Joel Reardon, Forensics Lead and Co-Founder of AppCensus in a blogpost. “What gets put there is arbitrary data, and can include passwords, for example, if a user uses a password manager.”  

Also read: Around 55% of companies are not prepared for a cookieless world: Study

Earlier, Check Point Research has found some anti-virus apps, which were disguised as AV solutions on the Play Store but turned out to be malicious software. These apps were stealing banking information and other credentials from their users. The Android malware called is ‘Sharkbot’ once they were downloaded and installed. At least six different apps with over 15,000 total downloads were spreading the malware, which were consequently all taken down from the Play Store after Civil Procedure Rule’s (CPR)s disclosure. 

While CPR identified approximately 1,000 unique IP addresses of infected devices during the time of analysis with most of the victims based in Italy and the UK. Out of six applications that were spreading ‘Sharkbot’, four came from three developers — ZbynekAdamcik, Adelmio Pagnotto and Bingo Like. 

While such data theft by malicious apps is yet to gain ground in India, many years back there were fake applications of State Bank of India, ICICI Bank, Axis Bank, Citibank and other lenders, available on the Play Store. This was claimed in a research report by infotech security firm SophosLabs, which also stated that such malicious apps may have stolen the data of thousands of Indians.