Collected by: Mina Lony
A common recommendation that Android users get for avoiding malware is to stick with Google Play and not download any apps from other sources.
But that is not the end of the saga, as a new variant, called HummingWhale, has been found on Google Play.
HummingWhale employs shady techniques to boost its ratings on Google Play, which could fool users into thinking that the infected apps are genuine.
“The fraudulent ratings left by such malware is another reminder that users cannot rely on Google Play for protection, and must apply further, more advanced means of security”, adds Check Point.
The malware displays fake ads and, using an Android framework called DroidPlugin, creates a fake referrer ID to generate revenue for the attackers.
Android Trojan Hijacks Google Play Store, Covertly Downloads or Purchases Apps
Security researchers have discovered a new Android trojan named Skyfin that can infiltrate the local Play Store Android app and download or purchase other apps behind the user’s back.
Skyfin injects itself in Play Store app process
While Android.DownLoader itself could be used to download other apps, Skyfin appears to be a trojan specialized in seamlessly infiltrating the standard Google Play Store app, containing features built specifically for this role.
According to Dr.Web, a security firm based in Russia, one of the apps downloaded in some of these instances contains the Skyfin trojan.
Skyfin can perform all these actions by injecting itself in the native Google Play Store app process and by stealing and mimicking the device’s unique ID, the phone owner’s Google account, and internal authorization codes.
After Google removed the app from the Play Store, subsequent Skyfin infections contacted a command and control server from where they retrieved a list of apps they had to install.
Virulent Android malware returns, gets >2 million downloads on Google Play
Gooligan, a family of Android malware that came to light in November after it compromised more than 1 million Google accounts, contained similar abilities to tamper with Google Play ratings.
Until now, Android malware that wanted advanced capabilities typically had to trick users into approving sometimes scary-sounding permissions or exploit rooting vulnerabilities.
A virulent family of malware that infected more than 10 million Android devices last year has made a comeback, this time hiding inside Google Play apps that have been downloaded by as many as 12 million unsuspecting users.
Google officials removed the malicious apps from the Play market after receiving a private report of their existence.
A separate app from Check Point competitor Lookout also detects the threat as a variant of the Shedun malware family.