According to Max Weinbach of Android Police, “Samsung is hosting literal malware on the Galaxy Store.”
It is becoming harder and harder to evade online scams, especially those involving Android applications. According to an analysis from Android Police’s Max Weinbach, Samsung is hosting several infected Android apps on its official Galaxy Store that may insert malware into your phone.
Showbox Movie Apps Laden with Malware
Weinbach came across the shady apps while searching the Galaxy Store for the Hulu app and noted that several Showbox-based applications were available on the Galaxy Store. Some of them triggered Google Play Protect’s warning after being installed.
When one of the apps was examined at VirusTotal, it generated more than a dozen low-grade alerts ranging from adware and malware to trojans and riskware. Moreover, a few of these malicious apps requested additional permissions, such as access to call logs, contacts, and the telephone.
The researcher then posted about this on Twitter, and Android Police further explored the issue.
What is the Issue?
Android Police identified that the app Weinbach tweeted about is a replica of an old movie piracy app known as Showbox. Many of these apps were available on the Galaxy Store just a week before. However, as of December 30th, none of the apps was available, indicating that the South Korea-based Samsung must have acted after the reports circulated.
Reportedly, the Galaxy Store comes pre-installed on all the latest smartphones manufactured by the company; therefore, people who downloaded the infected app could be exposed to numerous kinds of risks. At least two shady Showbox apps were identified during the analysis.
Further probing revealed that the app’s ad tech could perform dynamic code execution, and while the app may not directly contain malware, it can download and execute other code, including malware.
According to Android security analyst Linuxct, though there are few legit use cases for this functionality, it is possible to weaponize it.
“So at any moment it may become a trojan/malware, hence it’s unsafe and thus why so many vendors flagged it in VT/Play Protect,” Linuxct told Android Police.