Symantec Threat Intelligence: More Hidden App Malware Found on Google Play – Over 2.1 Million Downloads
Malicious apps hide themselves after installation and aggressively display full-screen advertisements.
Symantec has uncovered another wave of malicious apps in the Play Store which have been downloaded more than 2.1 million
times. The company reported these apps to Google on September 2, 2019, and they have been removed from the store.
A total of 25 Android Package Kits (APKs), mostly masquerading as photo utility and fashion apps, were published
under 22 different developer accounts, with the initial sample uploaded in April 2019.
These 25 malicious hidden apps share a similar code structure and app content, leading Symantec to believe that the
developers may be part of the same organisational group or, at the very least, are using the same source code base.
Figure 1. Hidden app malware on Google Play
The apps hide their icons after installation, and the malware displays advertisements even when the app is closed.
Full-screen advertisements are displayed at random intervals with no app title registered in the advertisement window,
so users have no way of knowing which app is responsible for the behaviour.
Monetary gain from advertising revenue is likely the motivating factor behind these apps.
Symantec and Norton products detect these malicious apps as:
Stay protected from mobile risks and malware by taking these precautions:
• Keep your software up to date.
• Do not download apps from unfamiliar sites.
• Only install apps from trusted sources.
• Pay close attention to the permissions requested by apps.
• Install a suitable mobile security app, such as Norton or Symantec Endpoint Protection Mobile, to protect your device and data.
• Make frequent backups of important data.