Cybercriminals are always devising clever new ways to get their malicious apps on the Google Play Store and a new malware campaign has managed to do just that.
According to a new blog post (opens in new tab) from the cybersecurity firm Bitdefender, 35 malicious apps have snuck onto the Play Store; based on publicly available data, they’ve been downloaded more than 2 million times.
In addition to stealing credentials and financial information, the cybercriminals behind malicious apps also serve ads to monetize their presence on the Play Store. Not only are these ads intrusive, but they can also link directly to malware.
While many legitimate apps show ads to users, the 35 malicious apps discovered by Bitdefender’s anti-malware research team show ads through their own framework which means they can also serve malware to victims who download them.
To make matters worse, the apps in question use a number of tricks to hide from users trying to delete them from their Android smartphones.
Delete these apps now
Below you’ll find a list of the 35 malicious apps discovered by Bitdefender along with how many times they’ve been downloaded. If you have any of these apps on your Android smartphone or tablet, you should delete them immediately.
Just note that some of them may have changed their names or icons to resemble the Settings app on your device.
- Walls light - Wallpapers Pack - 100K+
- Big Emoji - Keyboard - 100K+
- Grad Wallpapers - 3D Backdrops - 100K+
- Engine Wallpapers - Live & 3D - 100K+
- Stock Wallpapers - 4K & HD - 100K+
- EffectMania - Photo Editor - 100K+
- Art Filter - Deep Photoeffect - 100K+
- Fast Emoji Keyboard - 100K+
- Create Sticker for Whatsapp - 100K+
- Math Solver - Camera Helper - 100K+
- Photopix Effects - Art Filter - 100K+
- Led Theme - Colorful Keyboard - 100K+
- Keyboard - Fun Emoji, Sticker - 50K+
- Smart Wifi - 10K+
- My GPS Location - 10K+
- Image Warp Camera - 100K
- Art Girls Wallpaper HD - 100K+
- Cat Simulator - 50K+
- Smart QR Creator - 10K+
- Colorize Old Photo - 500+
- GPS Location Finder - 100K
- Girls Art Wallpaper - 10K+
- Smart QR Scanner - 50K+
- GPS Location Maps - 100K
- Volume Control - 50K+
- Secret Horoscope - 10K+
- Smart GPS Location - 10K+
- Animated Sticker Master - 100K
- Personality Charging Show - 100K
- Sleep Sounds - 100K
- QR Creator - 10K+
- Media Volume Slider - 10K+
- Secret Astrology - 10K+
- Colorize Photos - 10K+
- Phi 4K Wallpaper - Anime HD - 50K+
Bypassing the Play Store's security checks
Although all 35 of these apps are malicious, their developers were able to upload them to the Play Store and even push out updates that made them better at hiding on a user’s device.
In its blog post, Bitdefender highlights the bad app GPS Location Maps that has more than 100,000 downloads despite the fact that it doesn’t have any reviews. Like these other malicious apps, it changes its icon and its name to "Settings" to make it harder to find and delete.
In order to make reverse engineering their app difficult, the developers of GPS Location Maps added heavy code obfuscation and encryption. Although the initial app uploaded to the Play Store appeared legitimate, it was able to change itself after being downloaded to deliver malicious payloads and annoying, often full screen ads.
Remaining hidden from users
Just like other bad apps, these 35 malicious apps change their icons to something like a device’s Settings app. As such, even if you know the app’s name, finding and deleting it will be difficult, especially if you have loads of apps installed on your phone.
Bitdefender also notes that the initial versions of these bad apps didn’t contain any Settings icons and they were added in subsequent app updates on the Play Store. The developers also included multiple Settings icons from Motorola, Oppo, Samsung and other device manufacturers to correspond with a user’s phone model.
However, another technique used by the developers of these malicious apps is making sure they don’t show up in any recently used app lists on Android. This is done by using the flag android:excludeFromRecents=”true” in their manifest.
How to stay safe from malicious Android apps
Although only downloading apps from official stores like the Play Store or the Amazon Appstore is a great starting strategy, bad apps do manage to slip through the cracks from time to time which is why you should always be careful when downloading any new apps.
For this reason, Bitdefender recommends that you avoid installing apps you don’t really need and that you delete any apps you no longer use. At the same time, you should ensure Google Play Protect is enabled on your devices but you should also consider installing one of the best Android antivirus apps.
When it comes to new apps, you should be wary of those with a large number of downloads and few or no reviews. Also keep in mind that some reviews can be fake on the Play Store so it’s worth checking out written reviews on other sites as well as YouTube videos showing an app in action before downloading.
Finally, apps that request special permissions like being able to draw over other apps or accessing Android’s accessibility settings should be avoided when possible.