Despite the implementation of strict security measures, multiple malicious applications manage to infiltrate the Google Play Store, as mentioned by information security consulting experts. This time, researchers have reported the detection of at least 56 malicious apps, downloaded by about 1.7 million users, many of them children.
These were simple apps (mobile games, camera filters,
horoscope guide, among other services) developed by virtually unknown
The identified applications were infected with Tekya, a malware variant used to generate fraudulent clicks in advertising controlled by Facebook, Google, AdMob, among others. This malware mimics the behavior of a legitimate user to prevent anti-malware tools and the companies that place these ads from identifying anomalous actions.
According to information security consulting
experts, malicious apps managed to bypass the detection of tools like Google
Play Protect and the Virus Total platform. Eventually,
the malware was located by a team of Check Point researchers, who
reported that at least half of these apps, focused on children’s audiences,
contained the Tekya malware in their code. Google has already removed these
apps from the Play Store.
In their report, Check Point experts also
highlight the difficulty in keeping this platform completely safe from cyber
threats: “There are about 3 million apps available on Google Play, and
every day dozens, or even hundreds more are added. Users must verify the
developer profile before installing a new app.”
Cybersecurity experts mention that threat
actors avoid detection using native Android
code, which generally uses the C and C++ programming languages, in addition to
using Java to implement logic.
Although Android devices often automatically
uninstall apps that Google identifies as malicious, this mechanism doesn’t
always respond as it should, so the company recommends that users verify that
their apps are recognized as legitimate.
Recently, the International Institute of Cyber
Security (IICS) revealed the presence of a malicious app on the Play
Store, claiming that it had already been downloaded more than 700 thousand
times. This app was infected with a malware known as Android.Circle.1, and was
used in order to infest the affected device with invasive advertisements.