Security News Warning: Multi-Stage Android Malware Makes It to the Google Play Store

[Bot]

Security company ESET has discovered at least eight applications that were infected with multi-stage Android malware and available in the Google Play Store.

Before anything else, it’s important to know that Google has already been informed about these apps and has since removed them, but it’s essential to always watch out for more similar attempts as it’s apparently still possible for malware to make it to the Play store.

ESET says the apps were infected with Android/TrojanDropper.Agent.BKY malware and used a multi-stage approach to trick people into believing they downloaded clean apps.

Using common names like world news and cleaner, these apps did not ask for any special permission, which in most cases is a sign of suspicious activity, and look just like a legitimate app with no clear indication of a possible infection. In the background, however, they download a different app that helps trigger a notification asking for users’ permission to install.

Read more: Warning: Multi-Stage Android Malware Makes It to the Google Play Store

 

[tim one]

Usually Android malware try to hook native API with library injection so the main concept is quite simple, once the library is injected inside the target process, its constructor will be executed.
This means that the results of that will be executed as soon as the library is loaded.

 

[oneeye]

Playstore and play protect May not catch these types of changes in the background, but Mobile Security apps can. As they scan any changes to files, and or, scan any new downloads incoming, no matter what. But, not all of the vendors do this, or you have to enable it in settings. I have another app that catches everything but this is for app add-ons like advertising SDK, developer tools, etc. Even system apps are caught in the background. I've been using this one for years now, and love it.

Addons Detector - Android Apps on Google Play

 

[Lightning_Brian]

Another reason why I use ESET (free/paid) on any end-user who asks for a recommendation. I currently use ESET free on my phone with ZAM Premium that I received a promotion a long time ago.

I agree with @oneeye that the Google Play store and Play Protect may not find all this stuff. This is why it is essential to have an AV and an antimalware application installed on your Android phones. Personally, I would recommend this for iPhones too - yes I know some people say you don't need it.

Great post!