One of the most common ways to spread Android malware, including malware found on the official Google Play Store, is by masquerading as a legitimate popular application. The last such example that we blogged about on WeLiveSecurity was a fake Dubsmash app and Android/TrojanDropper.Mapin compromising tens of thousands of users' devices. In order to help make Google Play a safer place for Android users, ESET continues to monitor the official Android app market for malicious or potentially unwanted applications.
Another threat that has also been installed more than 200,000 times, having been available on Google Play for more than a month. The apps posed as Cheats for Pou, Guide For SubWay and Cheats For Subway, claiming to offer the same application functionality in apps. The payload of these applications was to deliver ads to users at regular intervals.
While ad-supported applications are common in the Android ecosystem, there’s a clear boundary of behaviors that ESET cannot condone. These particular AdDisplay PUAs contain specialized self-protection functionality not only to make the removal of the malware from the Android device more difficult, but also to evade detection by Google Bouncer in the first place.
When users realize that the apps display very unusual behavior and try to uninstall them: it will not be easy, because they ask the users to activate the Devices administrator rights. Thus, users might have a few problems with removing this AdDisplay threat. This AdDisplay also uses an interesting anti-bouncer technique to evade being blocked by the Bouncer filter before it is released on Google Play.
Comments
Post a Comment