Recently it appears that Google Play is in the news. Security researchers have discovered a strain of Android malware which keeps finding its way onto Google Play… Despite the store being “scrubbed” clean of infiltrated apps.
It’s been said that the malware, known as Android.Spy.277.origin, is hidden in more than 100 applications on the Google Play store and have been downloaded by numerous of unsuspecting customers. The malware hides itself as legitimate popular games, photo editing apps, etc, but they come with the added extra of a secret backdoor.
Once the infected apps are installed, the attacker is able to utilise the secret backdoor and perform a variety of tasks. Normally money is made through ad click fraud and mobile scareware, which as the name describes, "scares" users into installing fraudulent apps which provide no benefit at all.
This raises the question of how much of the content available through trusted app stores can we actually trust ?
Even after Google removed samples of the dodgy software from Google Play, Check Point's Mobile Threat Prevention research team found an additional app, called Street Stick Battle, containing the same malicious payload. The rogue app has notched up between one million and five million downloads.