Date: 2020-02-07

Only on Wednesday we reported on a new batch of scam Android apps that had to be removed from the Google Play Store (but not before they had collected some 382 million downloads), and already there is another wave of such apps to be aware of, and to remove from your phone if you have any of them.

Two separate teams of researchers have discovered some nasty Android apps and activity, some of which are among the worst we’ve seen. First, a new series of nine apps (since removed from the Google Play Store after collecting around 470,000 downloads) comes to light through a Trend Micro report that identifies some sinister purposes behind this collection of apps, which disguise themselves as seemingly anodyne utilities with names like Rocket Cleaner and LinkWorldVPN. The Trend Micro researchers warn that the apps can silently connect to servers to download up to 3,000 pieces of malware, and that some can even log into the Facebook and Google accounts of unwitting users to commit ad fraud.

The apps in question include the following:

Shoot Clean – Junk Cleaner, Phone Booster, CPU cooler

Super Clean Lite – Booster, Clean & CPU Cooler

Super Clean – Phone Booster, Junk Cleaner & CPU Cooler

Fast games – H5 Game Center

Rocket Cleaner

Rocket Cleaner Lite

Speed Clean – Phone Booster, Junk Cleaner & App Manager

LinkWorldVPN

H5 game box

The Trend Micro report suggests that these apps are from China and that, once a user installs them, they connect to a server to do things like post fake reviews and log in to the accounts we noted above. They can also cause users to unknowingly disable the Play Protect Android malware scanner, among other nasty actions.

The apps have been removed from the Google Play Store, but make sure you delete them all if you still have them on one of your devices.

Researchers at the Cofense Defense Center have also discovered a separate but more sinister effort: a phishing campaign targeting Android devices that allow the installation of unsigned Android applications. According to a new report from the center, this is an attempt to infect devices with Anubis, “a particularly nasty piece of malware that was originally used for cyber espionage and reused as a bank trojan.

“Anubis can completely hijack a mobile Android device, steal data, record telephone conversations and even hold the device to ransom by encrypting the victim’s personal files. As mobile devices are increasingly used in the corporate environment, given the popularity of BYOD policies, this malware can cause serious damage, especially for consumers and for companies that allow the installation of unsigned applications.”

This malicious campaign sends users an email with an attachment that poses as an invoice. When users open the attachment, they see a screen asking them to enable ‘Google Play Protect’. However, clicking OK actually grants the app a number of dangerous permissions without the user’s knowledge while, ironically, turning off the real Google Play Protect.

Other capabilities enabled this way include taking screenshots, changing administration settings, recording audio, stealing contact lists, and locking the device. As if that wasn’t enough, there is also a ransomware component. A Cofense investigator told Ars Technica that a ransomware module can be added through this campaign and turned on remotely once an attacker has taken everything they want from the phone and decides to simply encrypt it for ransom.

See the Cofense report for a list of apps targeted by this campaign (it’s a fairly long list). “Users who have configured their Android mobile device to receive work-related emails and allow the installation of unsigned applications run the greatest risk of compromise,” the report concludes.

“With the increased use of Android phones in business environments, it’s important to defend against these threats by ensuring that devices stay up-to-date with the latest updates. Restricting app installations on corporate devices, and ensuring that applications are created by trusted developers in official marketplaces, can also help reduce the risk of infection.”




