Skip to content
Security 2 min read

8 malicious apps were detected on the Google Play store

Olivia Morelli Ransomware analyst Published

Corrupted applications drop a multi-stage malware on Android devices

Multi-stage malware targets Android users

According to the Android experts, eight malicious apps were spotted on the Google Play store that were developed to infiltrate a multi-stage malware on the devices. Despite the excellent ability to circumvent antivirus systems, the bogus programs were identified as Android/TrojanDropper.Agent.BKY by the professional security software.

Luckily, none of these harmful applications received more than several hundred downloads and were removed from the Android app store immediately. However, those who suffered from the attack were mainly located in Netherlands and reached the final stage of the malware[1].

Malicious program passes through 4 phases to load a banking Trojan

Researchers from ESET[2] explain that the malware is able to hide itself since it doesn’t ask any suspicious permissions to gain administrative rights at first and impersonates a legitimate activity that the app is supposed to perform.

After the installation, the malicious app stealthily decrypts and executes malware payloads in a 4-stage process. This activity is invisible to the users because they are deluded by the regular app procedures. Usually, they offer system optimization or other innocent services.

The first phase decrypts and executes a second-stage payload as mentioned above, which contains an URL that is hardcoded. Shortly after, it downloads a third-stage payload that disguises under a well-known app such as Adobe Flash Player or its update.

To confuse the victims even more, it delays the request to install the application for several minutes. If the user permits the installation of the app, it drops a final payload and takes over the administrative rights of the device.

According to our research, the final phase launches a banking Trojan that displays fake log-in pop-ups that steal usernames, passwords, and other credentials of the victims[3].

Bogus applications show links to the infamous Android virus

The term Android virus[4] is used to describe a group of malicious apps that are designed to either steal personal information or encrypt data and demand a ransom. This attack is not an exception since it possesses similar distribution techniques as other phone threats which are attributed to the Android malware.

Be aware that you should carefully introspect applications you attempt to download since hackers manage to create new methods used to hide the presence of the malware. This multi-stage infection might inspire other criminals to examine possible system vulnerabilities[5] and use them to deliver new bogus programs to the Google Play store.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.