Hackers use the most complex techniques in order to infect users’ computers and devices. And, among them, we can highlight the fact that hide malware inside legitimate apps so that it can avoid being detected by antiviruses and endanger the security of users. Within Android, for example, almost every time malware sneaks into the Play Store, the scope is minimal (no more than a few thousand users). But, if they do it right, it is possible to reach infect a million users without raising suspicionas this app has done.
Just this week, security firm Malwarebytes found a number of apparently reliable apps with good ratings, but actually hiding malware inside. Specifically, these apps hid malicious software designed to steal sensitive information from victims’ devices, or to generate revenue for hackers by displaying advertisements.pay per click“, or “pay per click”.
When we install it, the app waits 72 hours so as not to raise suspicions before it starts stealing information and showing a huge number of ads on our mobile. After that time of grace, we begin to see all kinds of messages and warnings, almost all of them focused on scaring us with a “supposed infection” and that invites us to buy, download and install security software for our mobile.
These ads load even when the phone is locked. Therefore, many times they appear by surprise when we unlock the phone.
The app in question that does this is Bluetooth Auto Connect, an app that is still available in the Google Play Store, and that has more than 1 million installations, despite having an average rating of 3.3 out of 5 stars. In addition to this app, other apps from the same developer use similar techniques, although these have far fewer installs:
- Bluetooth App Sender: 50,000 installations.
- Driver: Bluetooth, Wi-Fi, USB: 10,000 installations.
- Mobile transfer: Smart switch: 1000 installations.
Security: the unfinished business of Android
Despite Google’s attempts to control the applications that arrive in its store, and security systems such as Google Play Protect, Android is still a very vulnerable operating system against all kinds of computer attacks. And the fault lies with Google alone.
Hackers obfuscate program codes and logs by hiding the origin of the program with a description like “sdfsdf”. In this way, the automatic security measures of the Play Store are not able to detect the threat, and end up giving way to the app. A real operator would detect the threat at the first moment.
As if that were not enough, Google’s response times are very long, which is why, despite the fact that this threat has been reported for several days, the applications are still present in the store, adding positive ratings (since the pirates are making use of bots) and infecting more and more users.
And only Google is to blame for it.
