Discovering many applications containing malware on Google Play Store, Android users should worry gradually
The new Google Play Store has discovered a lot of malware-infected applications never seen before. Four security companies have been announcing about the malware campaign hidden in the Android app on the Google Play store.
Yesterday, Dr.Web, Malwarebytes and McAfee said, there are three new Android malware groups hidden in games and applications uploaded to Play Store.
ESET spokesman said the company also found a new multi-stage malware stream.
- UC Browser has been removed from Google Play Store because of its unhealthy use of "tricks"
Malware Grabos pushes notification of application installation fraud
Based on the details of the report, the most complex and widespread threat of Grabos malware was found by McAfee researchers.
The McAfee team said they identified 144 applications in Play Store containing the new malware, most of which are hidden in music players and MP3 download applications.
According to statistics from 34 out of 144 applications, McAfee said malicious applications had between 4.2 million and 17.4 million downloads.
The main purpose of Grabos is to display fake notifications on infected devices, to trick users into downloading and installing other applications.
AsiaHitGroup targets Asian users only
The second Android malware was discovered by security researchers Malwarebytes and named AsiaHitGroup because it uses an IP address blacklist to target users in Asian countries.
Initially, AsiaHitGroup was found in the QR code scanning application called Qr code generator - Qr scanner is also available on the Google Play store.
On infectious devices, AsiaHitGroup malware can download phase 2 threats - a trojan virus whose primary function is to subscribe to premium phone numbers via SMS.
Malwarebytes also said it found the malware in applications other than QR code scanning software, such as alarm apps, compass, photo editing, Internet speed testing, etc., but the company did not save Reveal the application name and not indicate which Google has removed the malicious application at the present time.
Android cable software downloads web pages in hidden browsers
The third malware campaign involving Google Play Store was also recorded by Dr.Web. This campaign focuses on an adware stream identified as Android.RemoteCode.106.origin.
Researchers have found this trojan in 9 apps on Play Store, which has downloaded from 2.37 million to 11.7 million.
After users install any malicious applications, they will open a web page in the hidden WebView (hidden browser). This process will increase fake web traffic and help some web operators win from displaying ads.
Dr.Web said that the company has informed Google about applications containing malware and some have updated the code to remove threats from the virus.
Hopefully the malware containing the software will be fixed by Google as soon as possible.
You should read it
- What is Malware Joker? How to fight Malware Joker?
- What is Clipper Malware? How does it affect Android users?
- Hackers are taking advantage of the Store to distribute malware
- Sockbot malware was discovered in applications on Google Play Store
- BankBot is back on Play Store - an uninterrupted story about malware on Android
- The Joker malware once again bypassed Google's security, spreading strongly on the Play Store
- How to avoid Malware when downloading Pokemon GO?
- How many types of malware do you know and how to prevent them?
- Discovered a Vietnamese student posting 42 Android apps containing malware on Google Play Store
- 10 typical malware types
- 5 types of malware on Android
- Detecting Android malware can easily steal OTP code without the victim knowing
Maybe you are interested
Modern malware has more sophisticated ways of hiding
How do criminals use CAPTCHAs to spread malware?
6 signs that your smartphone is infected with malware
What to Know About Peaklight: New Stealth Malware Targets Illegal Movie Downloads
Warning: TryCloudflare is being abused to distribute remote access malware
Learn about Warmcookie: Malware that targets people looking for work