Trend Micro spotted 36 malicious apps advertised as security tools in Google Play

Researchers from Trend Micro have discovered 36 malicious apps on Google Play that are posing as security tools of major firms.

Once again crooks bypassed security checks implemented by Google, researchers from Trend Micro have discovered 36 malicious apps on Google Play that are posing as security tools.

Crooks advertised the apps as security tools as applications developed by major security firms, including Security Defender, Security Keeper, Smart Security, Advanced Boost.

The applications were developed to steal user information and flood them with ads.

“These apps posed as useful security tools under the names Security Defender, Security Keeper, Smart Security, Advanced Boost, and more. They also advertised a variety of capabilities: scanning, cleaning junk, saving battery, cooling the CPU, locking apps, as well as message security, WiFi security, and so on.” reads the blog post published Trend Micro.

“The apps were actually able to perform these simple tasks, but they also secretly harvested user data, tracked user location, and aggressively pushed advertisements.”

The apps collect information such as the user’s Android ID, Mac address, IMSI, OS data, brand and model of the device, device specifics, language, location information, and data on installed apps like Google Play and Facebook to sends to a remote server.

The malicious apps are also capable of uploading installed app information, attachments, user operational information, and data on activated events as well.

When the apps are launched for the first time, they will not appear on the device launcher’s list of applications, the shortcuts will also not appear on the device screen in this way victims will only be able to see notifications sent by the apps. The malicious apps typically push alarmist security warnings and pop-up windows to the victims.

Experts noticed that the apps implement a specific function called “hide” that will not allow the applications to run on specified devices including the Google Nexus 6P, Xiaomi MI 4LTE, ZTE N958St and LGE LG-H525n. Experts believe that the “hide” function was developed to avoid security checks implemented by Google Play.

The apps bombard the users with false security notifications and other messages like advertisements, examples of notifications are “10.0 GB files are being wasted” or “Fraud SMS Broadcast Vulnerability.”

If a user clicks the displayed button on the prompt, the fake security tools will show a simple animation notifying the resolution of the problem.

“The user is bombarded with ads with almost every action. It is clear that one of the main focuses of the app is ad display and click fraud.” continues the analysis.

“Users are actually asked to sign and agree to a EULA (end-user license agreement) which describes the information that will be gathered and used by the app,” researchers said in the report. “But we can still say that the app abuses privacy because the collection and transmission of personal data is unrelated to the functionality of the app.”

The game security tools were spotted in December 2017 and promptly removed.

source : Security Affairs January 8, 2018 at 07:25PM