Security News > 2022 > July > Google Boots Multiple Malware-laced Android Apps from Marketplace
Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads.
The trojan would hide in the advertisement frameworks utilized by the malicious apps propagating it; these frameworks aggregate and serve in-app ads.
After the apps with Joker were installed, they would show a "Splash" screen, which would display the app logo, to throw off victims while performing various malicious processes in the background, such as stealing SMSes and contact lists as well as performing ad fraud and signing people up for subscriptions without their knowledge.
While Ingrao discovered the offending apps in July 2021 and reported them to Google quickly, he told BleepingComputer that the company took six months to remove six of the apps.
Artnz was critical of the lag time between discovery and removal, though he did not speculate as to the reason why, noting only that "The small footprint and masked usage of APIs must make it hard to find malicious apps among the multitude of apps that can be found in the Google Play Store."
The company has a storied history of struggling to keep malicious apps-in particular fleeceware-off its mobile app store for the Android platform.
News URL
https://threatpost.com/google-boots-malware-marketplace/180241/
Related news
- Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (source)
- PixPirate Android malware uses new tactic to hide on phones (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Google's new AI search results promotes sites pushing malware, scams (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google rolls out new Find My Device network to Android devices (source)
- SoumniBot malware exploits Android bugs to evade detection (source)
- Google ad impersonates Whales Market to push wallet drainer malware (source)