Android’s Google Play Store has been found to be riddled with malware-filled apps, ESET reported earlier this week.
Despite Google’s Play Protect program, malware is still slipping through the cracks and onto consumer devices. While the program is meant to keep malware from being smuggled into the market, it isn’t 100% effective.
Earlier this week, several apps utilizing a multi-stage malware attack were published on the Google Play Store, giving the virus developers complete power over victims’ devices. To make matters worse, the attack is completely invisible to the user.
According to ESET, the malicious developers programmed applications in layers so that a user wouldn’t download any malicious code until a certain action was performed within the app. This avoids Google’s automatic detection of malware functions within program code. The latest threat has been dubbed Android/TrojanDropper.Agent.BKY by the antivirus industry.
Basically, once the app is launched, a background function is initialized that decrypts a payload onto the user’s device. The process repeats itself until the malicious code is finally delivered. The multiple layers seem to have been implemented to avoid Google’s Protect detection.
It goes deeper, though. The second payload decrypts a third payload, the final one, which contains the malware. Users are shown a seemingly harmless prompt to update or install a household-name application such as Adobe Flash Player, or a generic Android update.
If the user declines, they’ll avoid a virus. Otherwise… bingo, they’re done for. Or at least until they run an antivirus program on their Android device.
ESET reports that this is just one of many ways cyber criminals are attempting to infect devices across all platforms for a variety of reasons, from cryptocurrency mining to botnet usage. Android holds an enormous portion of the mobile software industry — a massive infection could be fatal to Google and other companies. Some examples of such multi-stage malware attacks include ransomware payloads, keyloggers, RATs (remote administration tools, which give attackers complete control over your device), and more.
Of course Google Play’s Protect program is expected to stop such attacks, but in today’s technological world it’s impossible to avoid hackers. Such discoveries and attacks, however, lead to better solutions in the future to prevent such assaults on Android devices.
To avoid attacks that Google Play’s Protect can’t stop, we recommend always reading the permission requests made by apps to prevent unnecessary data access or device usage. It’s also highly recommended to never download and install apps from outside the Google Play Store.