Watch out! Driving games' malware affects over 500,000 Android users
What's the story
More than half a million Android users have been affected by malicious apps posing as driving games or trucking simulators on Google Play Store. The apps looked fairly legitimate but downloaded a malicious package in the background, for the purpose of serving ads. They have now been booted, but their appearance in the first place raises questions over Play Store's security measures. Here's more.
App details
13 driving games, all from the same developer
Lukas Stefanko, an ESET-based security researcher, discovered a set of 13 driving-related apps, all coming from a developer named Luiz O Pinto. Most of them had three stars and icons that looked similar to that of legit games. But, most worryingly, all apps combined had over 560,000 installs and two of them were trending on Play Store, which gave them greater visibility.
Attack
Once installed, the apps disappeared and installed malicious packages
According to Stefanko, when these apps were opened, they didn't run the driving game or simulator they were expected to run. Instead, they just crashed and downloaded a malicious package in the background, while hiding their icons at the same time. If installed, the malware forced the users to see ads as and when the phone was unlocked, affecting their experience.
Twitter Post
Here's how the malicious app crashed
App functionality demonstration pic.twitter.com/11HskeD56S
— Lukas Stefanko (@LukasStefanko) November 19, 2018
Information theft
Did this malware steal information from infected devices?
The malware downloaded background display ads for sure using 'full network access'. But, it still remains unclear if it used the same network for mining information from the infected phones as well. Malware apps have done this in the past, but this particular one looks like a case of adware delivery for generating money for the publishers.
Google's action
Now, they have been removed by Google
After Stefanko flagged the 13 malware sources, Google came to the rescue and removed them from the Play Store. "Providing a safe and secure experience for our users is our top priority," a spokesperson from the company said in a statement. "We appreciate the researcher's report and their efforts to help make Google Play more secure."
Questions
Questions looming over Google Play security
Google was quick to act, but only after the apps were reported by the researcher. This raises questions over Play Store's security and what the company is doing to prevent such apps from appearing in the first place. Unlike Apple, Google has long faced criticism over app security (despite implementing better security features). And now, this issue makes another bad case for the company.