Once a user downloads the app, the executed code hides its icon and shows full-screen advertisements (which has similarities to an issue found last month). The advertisements don’t indicate which app is triggering them, and they’re displayed even when the malicious app is closed, so users have no way of knowing which one to delete. Symantec cites financial gain from ad revenue as the likely motivation behind the malware tactics.
Given the similarity between the apps, Symantec believes that they could have been created by one group. The app listings on the Play Store are also quite sneaky: the group publishes two versions of the same app, one being a benign version and the other being the malware version. The unaffected version may rank in the top charts or the trending category, but when users manually search for the app, they have a 50-50 chance of downloading the ad-triggering variant.
Where this wave differs from earlier batches of malware is in how the app icons are hidden. The code that conceals the apps is not hard-coded. Instead, a remote switch is built into the configuration files, which means that Google’s security testing does not catch that aspect of the code.
Symantec and other security firms are constantly discovering new malware practices on the Play Store, which raises the question of how proactive Google is being. It may very well be the case that Google has effective security practices in place, but apps like these keep falling through the cracks. Even if that’s the case, more measures are needed to better protect Android users from malware and adware.