A music app in the Google Play Store called Super Free Music Player turns out to be yet another malware-infected app that Google has missed. So far, between 5,000 and 10,000 people have downloaded it.
The app was uploaded to the Play Store on March 31 this year, which means that it was posted for more than a month before it was discovered. Once downloaded, the malware activates, downloads additional payloads from remote websites, and uploads data from the infected Android device. The data that can be uploaded includes reports about the installed apps, the device model and manufacturer, the phone's SDK version, the country, and even the language the phone is set to.
The infected app itself uses a technique that was seen earlier in the BrainTest malware. According to researcher Rowland Yu of SophosLabs, this technique can evade detection even by Google and its researchers.
BrainTest was discovered in 2015 by Check Point on a Nexus 5 smartphone. The malware used several techniques to remain undetected in the Play Store, as well as to simply remain on the infected device. After the discovery, Google Play was quick to remove the malware, but now it is back with a new name.
- It came back to Google Play as Super Free Music Player (Andr/Axent-DS) and attracted 5,000 – 10,000 downloads, according to SophosLabs.
The discovery was almost accidental, and it happened as part of a malware hunt organized to purge infected apps. The Google Play Store has had quite a problem with infected applications lately, and this sweep was necessary after some apps were discovered to have been infected for months, while others had been there for years, spreading infections without anyone noticing. The most used malware was FalseGuide, which infected over 40 apps and more than 2 million users over 5 months before it was discovered.
Furthermore, last month, a Trojan called BankBot was found targeting hundreds of the Play Store’s apps. Its ‘job’ was to steal online banking credentials from the infected device. Another incident happened in March when 87 mods for Minecraft appeared in the Play Store. Almost 1 million people downloaded them and were instantly bombarded by ads and scam activities.
This has become quite a problem, and the Play Store seems to be too big for a regular sweep, so eliminating all of these apps has pretty much become a whack-a-mole activity. Check Point is doing its best to help Google by reporting the malicious apps, leading Google to quickly remove them. However, new malicious apps are uploaded as soon as the problem is solved, turning this into an endless cycle, and not even Google has figured out how to stop it so far.