Despite the implementation of strict security measures, multiple malicious applications manage to infiltrate the Google Play Store, as mentioned by information security consulting experts. This time, researchers have reported the detection of at least 56 malicious apps, downloaded by about 1.7 million users, many of them children.
These were simple apps (mobile games, camera filters, horoscope guide, among other services) developed by virtually unknown companies.
The identified applications were infected with Tekya, a malware variant used to generate fraudulent clicks in advertising controlled by Facebook, Google, AdMob, among others. This malware mimics the behavior of a legitimate user to prevent anti-malware tools and the companies that place these ads from identifying anomalous actions.
According to information security consulting experts, malicious apps managed to bypass the detection of tools like Google Play Protect and the Virus Total platform. Eventually, the malware was located by a team of Check Point researchers, who reported that at least half of these apps, focused on children’s audiences, contained the Tekya malware in their code. Google has already removed these apps from the Play Store.
In their report, Check Point experts also highlight the difficulty in keeping this platform completely safe from cyber threats: “There are about 3 million apps available on Google Play, and every day dozens, or even hundreds more are added. Users must verify the developer profile before installing a new app.”
Cybersecurity experts mention that threat actors avoid detection using native Android code, which generally uses the C and C++ programming languages, in addition to using Java to implement logic.
Although Android devices often automatically uninstall apps that Google identifies as malicious, this mechanism doesn’t always respond as it should, so the company recommends that users verify that their apps are recognized as legitimate.
Recently, the International Institute of Cyber Security (IICS) revealed the presence of a malicious app on the Play Store, claiming that it had already been downloaded more than 700 thousand times. This app was infected with a malware known as Android.Circle.1, and was used in order to infest the affected device with invasive advertisements.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
