Corrupted applications drop a multi-stage malware on Android devices
According to the Android experts, eight malicious apps were spotted on the Google Play store that were developed to infiltrate a multi-stage malware on the devices. Despite the excellent ability to circumvent antivirus systems, the bogus programs were identified as Android/TrojanDropper.Agent.BKY by the professional security software.
Luckily, none of these harmful applications received more than several hundred downloads and were removed from the Android app store immediately. However, those who suffered from the attack were mainly located in Netherlands and reached the final stage of the malware.
Malicious program passes through 4 phases to load a banking Trojan
Researchers from ESET explain that the malware is able to hide itself since it doesn’t ask any suspicious permissions to gain administrative rights at first and impersonates a legitimate activity that the app is supposed to perform.
After the installation, the malicious app stealthily decrypts and executes malware payloads in a 4-stage process. This activity is invisible to the users because they are deluded by the regular app procedures. Usually, they offer system optimization or other innocent services.
The first phase decrypts and executes a second-stage payload as mentioned above, which contains an URL that is hardcoded. Shortly after, it downloads a third-stage payload that disguises under a well-known app such as Adobe Flash Player or its update.
To confuse the victims even more, it delays the request to install the application for several minutes. If the user permits the installation of the app, it drops a final payload and takes over the administrative rights of the device.
According to our research, the final phase launches a banking Trojan that displays fake log-in pop-ups that steal usernames, passwords, and other credentials of the victims.
Bogus applications show links to the infamous Android virus
The term Android virus is used to describe a group of malicious apps that are designed to either steal personal information or encrypt data and demand a ransom. This attack is not an exception since it possesses similar distribution techniques as other phone threats which are attributed to the Android malware.
Be aware that you should carefully introspect applications you attempt to download since hackers manage to create new methods used to hide the presence of the malware. This multi-stage infection might inspire other criminals to examine possible system vulnerabilities and use them to deliver new bogus programs to the Google Play store.