Security researchers have again found dozens of malicious applications circulating on the Google Play Store. Worse, these malicious applications have been downloaded more than two million times.
According to a recent report from cybersecurity firm Bitdefender, there are 35 malicious apps that display annoying and harmful ads. Many other applications also display ads, but these 35 malicious applications display ads through their own framework so they can spread malware to users.
Almost all of these applications disguise themselves as applications that offer personalization features and tools, such as wallpapers, themes, filters and camera effects, to applications for creating QR codes and GPS location finder. The disguise was done so that malicious applications could bypass Google checks and enter the Play Store.
But once downloaded, these apps use special techniques to hide their presence on the phone. Their icon is replaced so that it resembles the Settings app icon on the phone.
Through the latest update, the developer of this malicious application even included the Settings icon from Motorola, Oppo, Samsung, and other mobile phone vendors to match the target phone. This will certainly make it difficult for users to find the malicious application and delete it.
Another technique used by developers of this malicious application is to make their application not appear in the list of recently used applications on Android, as quoted from Tom's Guide, Friday (19/8/2022).
Bitdefender gave an example of the GPS Location Maps application which has been downloaded more than 100,000 times even though it does not have a review on the Google Play Store. This app changes its icon and name to 'Settings' making it difficult to find and remove.
Apart from changing their names and icons, some of these apps also ask for permissions to display their apps on top of other apps, which means they can simulate user clicks to earn money from ads.
Worse yet, many of the apps on this list have been downloaded more than 100,000 times. According to Bitdefender's monitoring, some of these malicious apps are still on the Play Store and have not been removed by Google.
Walls light - Wallpapers Pack - 100.000+
Big Emoji - Keyboard - 100,000+
Grad Wallpapers - 3D Backdrops - 100.000+
Engine Wallpapers - Live & 3D - 100,000+
Stock Wallpapers - 4K & HD - 100,000+
EffectMania - Photo Editor - 100,000+
Art Filter - Deep Photoeffect - 100.000+
Fast Emoji Keyboard - 100,000+
Create Sticker for Whatsapp - 100.000+
Math Solver - Camera Helper - 100.000+
Photopix Effects - Art Filters - 100.000+
Led Theme - Colorful Keyboard - 100,000+
Keyboard - Fun Emojis, Stickers - 50.000+
Smart Wifi - 10,000+
My GPS Location - 10,000+
Image Warp Camera - 100.000+
Art Girls Wallpaper HD - 100.000+
Paint Simulator - 50.000+
Smart QR Creator - 10,000+
Colorize Old Photo - 500+
GPS Location Finder - 100.000
Girls Art Wallpaper - 10,000+
Smart QR Scanner - 50.000+
GPS Location Maps - 100.000+
Volume Control - 50.000+
Secret Horoscope - 10,000+
Smart GPS Location - 10,000+
Animated Sticker Master - 100.000+
Personality Charging Show - 100.000+
Sleep Sounds - 100.000+
QR Creator - 10,000+
Media Volume Slider - 10,000+
Secret Astrology - 10,000+
Colorize Photos - 10,000+
Phi 4K Wallpaper - Anime HD - 50.000+
To avoid malicious Android apps as mentioned above, always download apps from official sources like Google Play Store or Amazon Appstore. But sometimes there are still malicious applications that managed to escape Google's attention.
Therefore, Bitdefender advises users not to install applications that are not really needed and immediately delete applications that are not used. Also, make sure Google Play Protect is active on your device.
When downloading new apps, be careful with apps that have a large number of downloads and don't have reviews. Also keep in mind that there are many fake reviews on the Play Store so try checking reviews elsewhere.
Lastly, avoid apps that ask for permissions that don't suit their function. For example, a GPS application must ask for location access permission, but if for example someone asks for camera or microphone access permission, especially for accessibility permission, it means it's suspicious.