Malicious apps hosted in Google store turn Android phones into zombies

Google has been found hosting 17 malicious titles in its Android app market.

Spy Phone Pro+ is one of 17 malicious titles Trend Micro researchers say were hosted in Google's official Android store.
Google has been caught hosting more than a dozen malicious titles in its official Android app market. Some had been downloaded tens of thousands of times and turn smartphones into zombies that await commands from their attacker overlords, security researchers said.

A stash of 17 malicious apps remained freely available in the Google Play store, according to a blog post published Thursday by researchers from antivirus provider Trend Micro. Six of those titles contained a highly stealthy code dubbed Plankton, which causes Android-based phones to connect to command and control servers and wait for commands. At least 10 Plankton-based apps found last year in the Android market collected users' browsing history, bookmarks, and device information and sent them to servers under the control of the attackers.

"In total, we have discovered 17 malicious mobile apps still freely downloadable from Google Play: 10 apps using AirPush to potentially deliver annoying and obtrusive ads to users and 6 apps that contain Plankton malware code," the Trend Micro advisory warned. Malicious apps included NBA Squadre Puzzle Game, NFL Puzzle Game, Cricket World Cup and Teams, and a variety of names written in simplified Chinese characters.

It remained unclear if the malicious titles had been removed in the hours following the publication of the post. Searches for some of the titles named by Trend Micro returned no results. But searches for at least one of the developers shown as submitting the abusive apps to Google Play turned up suspicious-looking English language programs not mentioned in Trend Micro's blog post.

"Never ever download this app as it hijacks your browser," a user calling himself Jai wrote in comments accompanying an app called Make Your Home, which has been downloaded as many as 500,000 times. "I am still exploring the ways how to get it back to normal state. Big zero."

Comments accompanying other apps submitted by Antonio Tonev, the same developer listed as uploading Make Your Home—including those for Art of Tattoo and Thermo (Thermometer)—also claimed they triggered antivirus warnings or displayed unwanted messages.

In February, Google introduced a cloud-based scanner called Bouncer that scoured Android apps hosted on Google servers for malicious titles. The move followed a string of embarrassing disclosures by outside researchers who over the past year reported dozens of abusive apps in the market. Thursday's report from Trend Micro marks at least the second time malicious apps have been reported in Google Play since the introduction of Bouncer. That doesn't include malicious browser extensions found hosted in Google's Chrome Store.

One app found by Trend Micro was called Spy Phone Pro and explicitly described itself as a program to "track every text message, every call, every location." In all, the apps have been downloaded more than 700,000 times.

Update

A Google spokeswoman issued a statement that read: "We have removed the apps from Google Play that violate our policies." She didn't say how many apps were affected or when they were removed. Meanwhile, Make Your Home, Art of Tattoo, and Thermo (Thermometer) remain available for download despite user feedback claiming they're malicious. Google's statement made no reference to these apps.
