Android malware disguises itself as a settings app

Bitdefender security experts have just detected 35 Android apps on the Play Store that contain particularly malicious malware, which hides in settings to be undetectable. Smart and efficient!

Be careful with the applications you download on your Android smartphone! Although Google has many tools to remove infected apps from its Play Store, hackers are constantly developing new strategies to bypass them. Recently, BitDefender’s cybersecurity specialists discovered 35 infected apps in the Google store, totaling about 2 million downloads and as many potential victims. The purpose of these applications is to flood you with advertisements without your knowledge. Intrusive ads, which abuse WebView, a software component that allows Android apps to display web content. Although the advertisement may not seem dangerous, it can quickly become very annoying, so try surfing the Internet with an advertisement page that opens every 30 seconds… and may even be directly linked to malware, thus leading to more malware sneaky, which can siphon off your personal and banking details. What’s worse is that these rogue apps use a variety of clever and sophisticated techniques that make them virtually undetectable.

Almost undetectable malware

As Bitdefender explains, these applications have various malicious methods to hide themselves. Thanks to Google’s legal APIs, these developers have found a way to completely fool users. Thus, infected applications mask their presence so as not to be uninstalled, most of them changing their name and logo to appear to be the most legitimate and innocent applications. For example, the GPS Location Maps app – already amassing over 100,000 downloads despite the lack of user reviews… – apparently turns into a Settings app and deletes the original. If you open it by naturally pressing its icon, you are directed to the actual settings of Android and your mobile. But meanwhile, the infected app runs in the background and displays websites and advertisements. Some go as far as requesting permission to appear in other apps in order to silently reap profits by simulating clicks.

To avoid detection, these rogue apps make sure not to show up in the list of most recently used apps on Android, which could possibly arouse your suspicions. However, dodging user surveillance is one thing, but bypassing Play Store defenses is another. To do this, hackers first put a supposedly legitimate version online, thus without any malware, before injecting malicious code via an update. Furthermore, hackers hide the core Java code in two encrypted DEX files, a format that allows executables to be stored on Android devices. In short, a professional job, which manages to break down the barriers of Google.

35 new infected applications detected in the Play Store

Here is the list of infected apps detected by Bitdefender, some of which are still present in the Play Store.

• Animated Sticker Master
• Art Filter – Deep Photo Effect
• HD art girls wallpaper
• Large Emoji – Keyboard
• cat simulator
• Colorize old photo
• coloring pictures
• Create sticker for Whatsapp
• EffectMania – Photo Editor
• Engine Wallpapers – Live & 3D
• fast emoji keyboard
• girls art wallpaper
• GPS location finder
• GPS location maps
• Grad Wallpapers – 3D Backgrounds
• Image warping camera
• Keyboard – Funny Emoji, Stickers
• LED Theme – Colorful Keyboard
• Math Solver – Valet
• Media volume slider
• my gps location
• personal cargo show
• Phi 4K Wallpaper – Anime HD
• Photopix Effects – Artistic Filter
• QR Maker
• secret astrology
• secret horoscope
• Sleep Sounds
• Smart GPS rental
• Smart QR Creator
• Smart QR Scanner
• smart wifi
• Wallpapers – 4K and HD
• volume control
• Wall sconces – Pack Wallpapers

Poisoned applications: warning signs

Bitdefender specialists have noticed that all malicious app developers usually only offer one app in the store. Also, the email addresses and websites associated with the developers look alike, leading them to believe that all these apps are the work of a single group or even a single developer. Another red flag: the absence of user reviews despite a large number of downloads; at the same time, how to rate an application that does not appear on your smartphone? That’s why you have to keep in mind that the fact of downloading an application from the official Google store does not mean that it is safe.

Therefore, some precautions must be taken. Don’t install apps you don’t really need and don’t forget to delete the ones you don’t use anymore. If an app asks for special permissions that it theoretically doesn’t need (a sticker app doesn’t need your geolocation), be careful right away. Finally, it’s best to have an antivirus running in the background to double check that malicious behavior isn’t working in the shadows…