Google Play hosted malicious apps that got installed by 1.7 million users

Posted on Wednesday, March 25 2020 @ 11:13 CET by Thomas De Maesschalck
Ars Technica writes that Check Point security researchers discovered that Google's Play store hosted a total of 56 malicious apps that were installed by 1.7 million users. Twenty-four of these apps were marketed to children. The security researchers note that these apps were written in native Android code (C or C++), which made them harder to detect than typical Android apps, which are written in Java.
Tekya is a family of malware that generates fraudulent clicks on ads and banners delivered by agencies including Google’s AdMob, AppLovin’, Facebook, and Unity. To give the clicks the air of authenticity, the well-obfuscated code causes infected devices to use Android’s “MotionEvent” mechanism to imitate legitimate user actions. At the time that researchers from security firm Check Point discovered them, the apps went undetected by VirusTotal and Google Play Protect. Twenty-four of the apps that contained Tekya were marketed to children. Google removed all 56 of the apps after Check Point reported them.
Additionally, security researchers from Dr.Web discovered an undisclosed number of Google Play apps with Android.Circle.1 malware. These apps were downloaded over 700,000 times. All reported apps have been removed by Google. If things work as intended, this process also involves the installation of malicious apps on user devices.
