Google has been focused on improving security for its users for a while. Unfortunately, there are still some malware-infused apps that manage to sneak in. Researchers say they’ve discovered 12 Google Play apps that were downloaded more than 300,000 times before they were revealed to be trojans that siphoned passwords, two-factor authentication codes and banking information. They also logged keystrokes and took screenshots.
The Google Play apps belonged to four separate Android malware families that were distributed over four months. They disguised themselves as QR scanners, PDF scanners, and cryptocurrency wallets. So how did these programs manage to sidestep Google’s security checks? Usually, apps with suspicious codes that aim to harvest user data are immediately flagged by the tech company. But these sneaky apps capitalized on a loophole.
After being distributed legitimately, the malware was installed via app updates from third-party sources. This allowed hackers to submit their programs to the Google Play App Store while bypassing any security checks. After working normally at first, the apps received glowing reviews from Andriod users, making them appear legitimate.
Speaking about the security beach, researchers from mobile security company Threat Fabric said what makes these Google Play App distribution campaigns very difficult to detect from an automation and machine learning perspective is that dropper apps all have a very small malicious footprint. This small footprint is a direct consequence of the permission restrictions enforced by Google Play.
While it’s very easy to trust an app that’s been endorsed by Google’s Play App Store, there are a few red flags users can look out for. For instance, these particular updates would have asked for added permissions like “accessibility services” which is a major reason to question the program’s legitimacy. Avoiding these situations is pretty simple. Do not give apps permissions that they don’t require to perform their basic function.
When asked to comment on the Google Play apps security breach, a spokesman for the company referred to a blog post detailing the company’s methods for detecting malicious programs submitted to their app store. According to ARS Technica, malicious apps have plagued Google Play regularly over the past decade. Fortunately, Google is always quick to remove fraudulent apps once they have been notified.
Meanwhile, Google is doing a lot to make users’ accounts safer. In May, the tech giant announced plans to enable two-factor authentication by default to create more security. The company plans to enable two-factor security for 150 million Google and YouTube accounts by the end of this year. This means folks will have to enter a code sent via text message or enter a physical security key. In a statement on their blog, Google said for most people passwords are the first line of defense for our digital lives. But managing a set of strong passwords isn’t always convenient. This leads some folks to look for shortcuts (like pets’ names and birthdays) or to neglect password best practices altogether. The lapse in security opens them up to online risks. Additionally, Google promised to protect users’ passwords with products that are secure by default. It’s still unclear if any and when security changes will be made to Google’s Play App Store.