Google Play Removes Malicious Apps

By using our smartphones, tablets and other devices daily, we download (and have downloaded) any number of apps to use. While the majority of these apps enhance the flow of our lives, sometimes a rogue one gets through and causes trouble! This happens despite Google and countless numbers of cybersecurity teams monitoring these apps very closely and regularly.

Recent estimations reckon 98% of mobile malware attacks Android. Recently, a number of apps have been removed by Google, and for various reasons. In June 2020, Google removed over 30 popular apps from Play Store. These apps had been targeted mainly at the beauty and selfie genre and contained malware and adware. 

Adware is designed to bombard the user with unwanted adverts and sometimes trojans will redirect you to a site that you have not given permission for nor clicked a link. 

The apps are alleged to have started in January 2019 becoming more prevalent by September 2019. Cybersecurity company WhiteOps made the initial discovery and despite some of the apps being available for only a few days, they had managed to amass over half a million downloads, resulting in over 20 million downloads across the whole range. WhiteOps believe cybercriminals are behind the threats.

Here are the sites that were taken down by Google Play. 

Yoroko Camera100,000 downloadsFirst Selfie Beauty Camera and Photo 500,000 downloads
Solu Camera500,000 downloadsVanu Selfie Beauty Camera100,000 downloads
Life Beauty Camera1 million downloadsSun Pro Beauty Camera1 million downloads
Beauty Collage Lite500,000 downloadsFunny Sweet Beauty Camera500,000 downloads
Beauty and filters camera 1 million downloadsLittle Bee Beauty Camera1 million downloads
Photo Collage and Beauty Camera100,000 downloadsBeauty Camera and Photo Editor Pro1 million downloads
Beauty Selfie Camera Filter10,000 downloadsGrass Beauty Camera 1 million downloads
Gaty Beauty Camera 500,000 downloadsEle Beauty Camera1 million downloads
Pand Beauty Selfie Camera50,000 downloadsFlower Beauty Camera 100,000 downloads
Catoon Photo Editor & Selfie1 million downloadsBest Selfie Beauty Camera1 million downloads
Benbu Selfie Beauty Camera1 million downloadsOrange Camera 500,000 downloads
Pinut Selfie Beauty Camera1 million downloadsSunny Beauty Camera 1 million downloads
Rose Photo Editor & Selfie Beauty1 million downloadsPro Selfie Beauty Camera500,000 downloads
Mood Photo Editor & Selfie Beauty500,000 downloadsElegant Beauty Cam 50,000 downloads
Selfie Beauty Camera and Photo Editor100,000 downloadsSelfie Beauty Camera Pro1 million downloads
Fog Selfie Beauty Camera100,000 downloads

Some forms of malware can be very dangerous, particularly when you look at the number of downloads that can be achieved in only a few days. You could lose access to your files and your personal information can be stolen and sold on.

Evina is another cybersecurity company who found malware installed across a number of apps. This particular type of malware stole social media login details. The malware was hidden in a legitimate app and was able to detect which apps had recently opened and what was running in the foreground. Once the ‘legitimate’  app was launched, if the victim opened a Facebook page, the app created a fake overlay, mimicking the genuine one and scraped login details from the fake one. The login details were then sent elsewhere. 

Once a cybercriminal has access to your social media, they have access to your friends’ list and can set up fake accounts in your name. You may find your photo ends up as someone’s fake dating profile (catfishing) or that someone has tried to get credit in your name. 

Cybercriminals could have access to your date of birth, phone number, workplace and all of your photographs and videos. Any of your sensitive information can be sold on the Dark Web and any type of accounts set up in your name and depending on the nature of your info could be used for blackmail. 

If you are concerned that your details may be on the Dark Web, use Notty’s Dark Web search. Notty performs Dark Web searches with up to five pieces of information and we will alert you if any of those are found online. You can also see your Social Media Score and get McAfee Total Protection at a heavily discounted price to protect all of your devices. Having a free Notty account helps keep you safe online.

Joker malware

This is the most prevalent form of Android malware that constantly evolves, making it tricky to discover. Joker malware (a.k.a. Bread) belongs to a family of ‘billing fraud’. 

First seen in 2017, but much more so in 2019, this malware covertly signs the victim up to premium subscriptions, draining finances over time if gone unnoticed. It can also steal SMS messages, contact lists and device information. 

This virus can go undetected because it can hide in legitimate apps and only bloom later with added codes within app updates. There are a variety of methods that the author of the virus uses too, such as encryption, or fake reviews to lure in new users, 

Would I know if I have downloaded a malicious app?

Not necessarily, but it probably wouldn’t take long to find out. You may find yourself inundated with adverts and glitches. The app may open browsers and websites without your permission. 

Google Play would notify you if they are aware of an app that is malicious that you have installed. But be aware, this doesn’t mean others aren’t malicious.

There are tell-tale signs that are a little more subtle too, such as:

  • Finding your phone’s battery life drains more quickly than normal
  • Appearing to burn through data when you haven’t changed what you normally do
  • Being bombarded with the aforementioned adverts
  • Strange messages and emails being sent to friends, allegedly from you. 
  • Check your bill for unknown transactions if your bill seems higher than usual.

What’s the worst that can happen?

Some of the tactics used are mere ‘scareware’ tactics. This can include an ad telling you that your device is infected and to click the link to fix it. The messages relay a sense of urgency so that you panic and don’t have time to think about how congruous it is and just plump for paying their fee to ‘remove’ the infection. 

Adware, like scareware, can be irritating but doesn’t necessarily mean you have a virus rampant in your device, just ten’s of adverts popping up relentlessly.

Cybercriminals can install other types of malware though, such as Joker malware and many others. These are designed to capture personal information and people on your contacts lists may also be infected if a link is sent to them in your name and they open it. Then their devices are infected and their contacts are sent a link and so forth. 

Your information may end up for sale on the Dark Web or you may be held to ransom (ransomware) for your files, whereby you have to pay a sum of money to allow them to provide you with a ‘key’ in which to regain access, if at all.

What you can do to help spot a malicious app

  • Check that the app developer is reputable.
  • Read the reviews! If it has a low score and many complaints, avoid it.
  • If a window opens that you haven’t authorised, do not go further, and definitely don’t enter any login details. Remove the app straight away.
  • Ensure that the permissions that the app asks to use are legitimate.
  • Install trusted anti-virus software, such as McAfee Total Protection and CyberDNA, on all of your devices. This will alert you to any threats before they happen and can help prevent pop-ups. 
  • Use common sense, if it doesn’t feel right, leave it well alone. 
  • Visit Notty for the latest and most up to date information on security.