Hackers have come up with yet another way to get around Google’s defenses in order to get their malware-filled apps on the Google Play Store.
According to a new report from the cybersecurity firm Kaspersky, malicious loader programs are being sold on dark web marketplaces, priced from $2,000 all the way up to $20,000. These programs enable hackers to hide malware in legitimate apps in such a way that prevents Google from detecting it.
Also known as dropper apps, these programs often present themselves as legitimate software. Then, after clearing the Play Store’s review process, they then gain malicious updates from a server controlled by hackers. Their creators often wait until the apps have a large user base before adding malware to them, to infect the maximum amount of users.
In its report, Kaspersky notes that "the most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners and even dating apps."
While loader programs are used to inject malware into clean apps according to The Hacker News, the users who download them are prompted to grant these apps extra permissions that are used to facilitate malicious activities. Likewise, some of these apps utilize can detect if they are being debugged, analyzed or installed in a sandboxed environment. If this is the case, they halt their malicious activities to prevent being analyzed by security researchers.
Fake developer accounts and APK binding services
Loader programs aren’t the only way hackers are sneaking malware onto the Google Play Store.
Kaspersky also highlights the fact that hackers are buying hacked or newly created Google Play developer accounts for $60-$200 on dark web marketplaces as well. At the same time, developer accounts that don’t have a strong password or two-factor authentication (2FA) enabled can be easily cracked and put up for sale. This is actually worse as hackers can then upload malware to existing apps, many of which already have a large user base.
APK binding services are yet another way hackers can get their malware into legitimate apps. They are used to hide malicious APK files (or Android installation files) inside another app to distribute malware through fake sites or phishing text messages.
One reason APK binding services are more popular is that they cost significantly less than loader programs due to the fact that the malicious apps they contain are not available through the Play Store.
How to stay safe from malicious apps
To avoid having your Android smartphone infected with malware, the first thing you need to do is limit the number of apps on your device. Sure, an app may be free but that doesn’t mean it’s worth downloading. Instead, you need to carefully pick and choose which apps you have installed on your smartphone.
When installing new apps, you want to first check their rating and read reviews on the Play Store. However, as these can be faked, you also want to look for external reviews on other sites while video reviews are ideal since you can see the app in question in action.
For additional protection though, you also want to install one of the best Android antivirus apps on your phone and make sure that Google Play Protect is enabled as it continually scans your existing apps as well as any new ones you download for malware.
In an email to Tom's Guide, a Google spokesperson provided further insight on the steps it takes to ensure Android apps in the Play Store are safe, saying:
“Google Play has policies in place to keep users safe that all apps must adhere to. All Android apps undergo security testing before appearing in Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Users are also protected by Google Play Protect, which can warn users or block identified malicious apps on Android devices.”
Still though, security is like a game of cat and mouse and even as Google bolsters the Play Store’s defenses against malware and malicious apps, hackers will find a new way to bypass these restrictions. This is why you need to be careful when installing new apps, even on one of the best Android phones.
More from Tom's Guide
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.