It is not new that malicious android application posing as legitimate application are found in the Google Play Store. We use to have a notion that any app that is on the Play Store is safe to be downloaded and install. But that is not the case these days, various malware disguise themselves among the application that are there in the play store and lure android users to download and install them.
However, this time, a number of such application has been detected to be impersonation as security scanner application.
Details of the campaign-
An android malware family named Brazilian Remote Access Tool Android (BRATA) has feen detected with new strains which were capable of propagating a backdoor that could steal confidential information. Generally, these apps target the users of Brazil, the U.S., and Spain, where they have been installed somewhere around 1,000 to 5,000 times. Another malicious app named DefenseScreen was installed around 10,000 times before being taken down from the Play Store.
History-
- BRATA was a banking trojan when it was first spotted in 2018.
- This was distributed entirely through Google Play and these enabled the attacker to lure the victim into downloading the software by notifying about security issues that never existed.
Other such malware that are available are FlixOnline, that disguised as Netflix app and stole WhatsApp conversation. Also, Class82 dropper was detected to be hidden in nine legitimate Android utility app last month. These app were distributed using Play Store.
Conclusion-
We can no more blindly trust the apps that are on the Google Play Store just for the sake of it. The users should remember that no app in the Play Store ever asks for third party permission and all apps should be updated via play store only. Research suggest that malware groups like BRATA will evolve to be more powerful and come up with better techniques of obfuscation and newer and better capabilities.