Security News

A new campaign of malicious photo apps on Google Play floods Android devices with random ads instead of functioning as advertised. One of the hallmarks of the app is that once it's downloaded, it plays "Hide and seek" with the device, with the icon disappearing from the home screen, forcing users to go into the Settings menu to find the app if they want to see if it's been installed or open it.

A new variant of the infamous Joker malware has once again made it onto Google Play, with Google removing 11 malicious Android applications from its official app marketplace, researchers disclosed Thursday. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people."

Always a thorn in Google's side, the Joker malware arrived as a new variant a few months ago and evaded Google Play Protect to infect legitimate apps and sign people up to premium services. Check Point researchers disclosed its findings to Google, which removed 11 identified apps from Google Play by April 30, 2020.

The apps were among a small haul of 38 beauty-themed apps the company detected from the same developer which were reported to Google for bombarding users with unwanted ads. As well as serving out of context ads at every opportunity, the apps also sent users to websites and made it difficult to de-install the apps using techniques such as hiding icons from the home screen and apps folder.

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender. Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.

Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that's distributed via dozens of apps within the Google Play official market, as well as other outlets like the third-party marketplace known as APKpure. Kaspersky's report follows previous research from BlackBerry, which connected OceanLotus to a trio of fake apps for Android last year.

Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, descriptions, or in the package names so as to drop malware, perpetrate financial theft and rank higher in Google Play Store searches related to the topic.

More than 50 Android apps on the Google Play Store-most of which were designed for kids and had racked up almost 1 million downloads between them-have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer and utility apps to perform phony clicks on ads.

Researchers have discovered a new family of auto-clicker malware that commits mobile ad fraud, lurking in 56 apps on the Google Play store. Google's uphill battle against malware on Google Play is well known, and the vendor has made a concerted effort in the last couple of years to get rid of bad or unpatched apps and malware.

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The comments under the Google Play download pages for these specific eight apps described the apps acting suspiciously, serving as red flags for potential downloaders.