Symantec has found two new sets of malicious apps on the Google Play store. The first set of seven apps seems to have been re-uploaded, after being pulled down for being malicious, just by merely changing their names. The other set of 38 apps seems to trigger links in the background, aiming to drive traffic to those sites, without the knowledge or permission of the user. There's also another set of 15 malicious apps reported that seem to open ads and download payload without the consent of the user.
The security research firm has discovered that seven malicious apps that were taken down have now found their way back to Google Play. The maker of these apps has only changed the name of these seven apps, and re-uploaded them through a new developer account. There has been no other change in code whatsoever, according to Symantec. It's quite alarming, given the security checks Google performs before allowing an app on the Play Store. These apps, after being installed, ask for all the necessary admin permissions, and then take the user to a Google ad, or load scam sites on the smartphone browser. These malicious apps are falsely promoted as calculators, apps lockers, call recorders, space cleaners, and emoji keyboard additions on the Google Play store.
Secondly, there is a separate set of 38 apps that were discovered by Symantec as well, and these look to drive traffic to various blog sites. These apps made it to the official Google Play store, and instead of what they are intended to do, the apps load various blog URLs in the background.
"The URLs lead to various blogs and it is likely the app is being used to increase Web traffic to these sites. So far, the majority of users downloading these apps seem to be located in the US, US, South Africa, India, Japan, Egypt, Germany, Netherlands, and Sweden. The presence of the apps on the Google Play store and the seemingly legitimate app names and descriptions allowed the apps to be downloaded onto at least 10,000 devices," Symantec explains on its blog. The research firm contacted Google regarding both these set of malicious apps, and has got them removed from the Play Store.
Additionally, ESET mobile security researcher Lukas Stefanko has discovered 15 separate malicious apps with over 400,000 downloads. He wrote on Twitter that "these apps can download additional payload and display [and] click on 'invisible' ads. Everything is hidden from user's view."