Android malware and spyware is very active this May

by Olivia Morelli - - 2018-05-10

Malicious apps appeared on Google Play Store again

Android malware is active this May

Researchers detected a bunch of malicious apps on the official Google Play Store. Surprisingly, some of them were seen before. According to the researchers, at least seven of the detected apps are versions of malware identified as Android.Reputation.1 which were removed a while ago. However, creators of Android malware came back with slightly modified app code, new names and published them as new developers.^[1]

Recently detected malicious apps were presented as emoji keyboard, various space cleaners and app lockers, call recorders and calculators, but they did not have promised features. However, the fraudulent apps remain silent for a while and started malicious activities after a couple of time.

Just like many other versions of Android viruses,^[2] this one also tries to get admin privileges of the affected smartphone. Developers mimicked Google Play screen in order to trick users into activating administrator rights. It goes without saying that in this way app becomes very hard to remove and can perform malicious tasks without being disturbed.

Another sneaky feature of these variants of Android.Reputation.1 uses legitimate Google apps’ icons and “running apps icon” in the system settings, for instance, Google Maps. Therefore, users might be unable to recognize malicious app without security software.

Some versions of Android virus can delete their icons from home screen

Another group of Android.Reputation.1 malware is more sophisticated and can hide better on the targeted device. Researchers reveal about at least 38 games and education apps on Google Play Store that deletes their icons from the home screen soon after the installation.

Therefore, malware works in the background and is hard to detect manually. The main feature of the app is to promote mobile adware called “Change my voice.” However, the app created by TopTech^[3] does not only changes the voice but floods the device with lots of ads.

Additionally, adware redirects to various blogs or other questionable sites. Hence, specialists assume that this group of malicious apps is designed to boost traffic to particular websites. Fortunately, all of them are already removed from Google Play store.

However, such apps were installed at least to 10,000 Android devices in the United States, the United Kingdom, South Africa, Egypt, India, Japan, and few European countries, such as Sweden and Netherlands. Users are recommended to obtain mobile antivirus software and clean their devices from adware or other malware they may have accidentally installed as well.

Maikspy spyware detected spreading on Twitter: Android and Windows OS users should be cautious

Maikspy differs from the previously discussed malicious applications. It spreads via malicious short-links of Twitter. Hence, it did not sneak into legit Google Play Store. However, this spyware is known for a couple of years and is very dangerous.

Maikspy malware was spotted on December 2016 aiming at Windows computer users. However, it seems that developers of malware decided to get more advantage of malicious software and released an Android version after a month in January 2017. However, researchers report about a new wave of spyware which is active since March 2018.^[4]

The main purpose of the spyware is to collect various information from Android users, such as:

affected device location;
SMS;
contacts;
record sounds;
device’s clipboard;
phone number;
installed app lists;
account information.

Originally, Maikspy spyware used the name of the American porn star Mia Khalifa^[5] and spread as the adult game. However, developers stopped using an actress but remain loyal to their target audience – Android and Windows users who are into adult-themed games.

As we briefly mentioned, a malicious game is promoted on popular social network Twitter. As soon as people click on a link, they are redirected to the website that promoted a game called “Virtual Girlfriend.” If users proceed with the instructions on the screen, they download data-stealing malware on the device.

We want to remind users to be very careful with games that are promoted in such sneaky way. Keep in mind that the majority of risks are hidden under adult-themed or illegal content, so you should keep away from it to protect your device and privacy.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions

References

^ Danny Palmer. Android security: Malicious apps sneak back into Google Play after tweaks. ZDNet. Technology news, analysis, comments and product reviews.
^ Jake Doevan. Android virus. How to remove? (Uninstall guide). 2-spyware. Cyber security and spyware news.
^ May Ying Tee, Martin Zhang. Hidden app malware found on Google Play. Symantec blogs. Analysis and commentary on the cyber threats .
^ Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users. Trend Micro. Security Intelligence blog.
^ Spyware uses malicious adult games to infect Android & Window devices. HackRead. Latest cyber crime infoSec, tech, hacking news.