Updated: Google has confirmed that another set of Play Store apps have now been removed after they were found to be infecting devices with malware. Any users with those apps installed should ensure they are uninstalled from their devices. The seven apps are designed to open backdoors onto an infected device, pulling separate malware apps from elsewhere, circumventing Play Store security. When those apps are downloaded and installed, they hide away from users who don’t even realize they’ve been brought onto their phones. The malicious intent of the latest malware-laced apps is ad fraud, but there is a more dangerous threat lurking behind.
This latest warning comes just as Google announced an “App Defense Alliance” to “ensure the safety of the Play Store.” The seven apps, discovered by the threat research team at Wandera, do not contain ad fraud malware themselves. Instead, they are dropper apps—they download malware “payload” apps and install them onto target devices. This leaves the user with both the dropper app and the payload app installed. Both need to be identified and deleted. The dropper apps bypass store security to bring in threats from outside the ecosystem.
These dropper apps pull the malware payloads from GitHub, and Wandera VP Michael Covington told me the team was escalating details about the apps “because the backdoor introduced via the dropper code is a significant risk for anyone using these apps—given the obfuscation techniques in use, we have not yet ruled out other apps that may be using similar techniques to introduce unsanctioned code.”