New Android malware on Play Store disables Play Protect to evade detection

This malware disables Google’s only security mechanism against malware-infected apps on the Play Store. What could go wrong, isn’t?

This malware disables Google’s only security mechanism against malware-infected apps on the Play Store.

While the Android and iOS fanbase can be found constantly at war over the advantages one offers as compared to the other, there is one place where iOS wins by miles. We are talking about security with the latest malware discovered by Kaspersky Lab among an app on the Play Store. 

Dubbed “Trojan-Dropper.AndroidOS.Shopper.a,” the trojan tricks users into being downloaded by posing with a system icon and a similar name to a legitimate Android application. Once the fish (YOU) takes the bait, it starts with its magic by collecting your device’s sensitive and not-so-sensitive information including the IMEI Number, IMSI number, the network type and the country it is in. 

Once done, it sends the data to its command & control server (C&C) from which attackers behind the campaign can coordinate their future moves. These include tasks such as “Opening links received from the remote server in an invisible window (whereby the malware verifies that the user is connected to a mobile network)” as detailed by researchers.

See: Popular Android Emoji keyboard app makes millions with unauthorized purchases

But this isn’t where it ends. Additionally, the trojan helps boost the popularity of other “sister-malicious-apps” on the Play Store by posting overly optimistic reviews. Leaving the user little to do, it also happens to install certain apps from a third party store named Apkpurecom with the victim’s permission. 

How it does this is by abusing an accessibility service present to facilitate the disabled. To prevent any detection, it also disables the “Google Play Protect” which is normally used to protect Android users from such malware. Currently, (as shown above) with the statistics released by researchers, it was revealed that it is the most widespread in Russia with 28.46% of infected users. Brazil and India conveniently follow at 18.70% and 14.23% respectively.

“Distribution of the Trojan by Region for October-November 2019, image by Kaspersky.”

In conclusion, to save yourself from such attacks, simple precautions can go a long way. These include filtering apps to see if they contain real reviews in actuality, recognizing red-flags such as a low number of downloads on famous household apps and carefully sifting through permissions apps ask for.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts