By using a switch, hackers have once again circumvented Google’s security measures and uploaded malicious programs to the Play Store.
Bitdefender researchers have revealed that many apps in the Google Play Store use deceptive names and symbols in order to sneak onto users’ devices and remain hidden once they’ve been installed.
Dr. Johannes Ullrich, dean of research at SANS Technology Institute, told Lifewire in an email interview, “Sadly, the findings are not surprising at all.” Google Play “often has issues recognizing and deleting harmful apps.”
Bitdefender noted that the apps’ modus operandi involves misleading users into downloading and installing them by purporting to offer useful features like a location finder or camera app with filters. However, the apps’ names and icons are changed soon after installation, making it extremely difficult to locate and remove them.
Some apps disguise themselves as Settings by renaming themselves and redesigning their logo to seem like the familiar gears found in the Settings menu. To pull off their ruse, the apps’ “Settings” buttons really open the phone’s native Settings menu. This hides the dangerous app so well that most users won’t even know they installed it.
However, these apps will start pushing annoying ads in the background. Interestingly, the apps employ a different tactic to avoid being included in Android’s “recent” list.
To implant malware, disrupt bank transactions, divert advertising money, or just steal data, “bad actors will constantly try to install altered or cloned apps,” George McGregor, VP of mobile app protection experts Approov, told Lifewire via email.
While the apps discovered in the research are known as adware, since all they provide is irritating adverts, Bitdefender claims the same programs might just as easily fetch and serve a more deadly sort of malware.
Bitdefender added that while it is evident that all of the discovered apps are harmful, the creators were nevertheless able to post them to the Google Play Store, make them available to consumers, and push upgrades that made the apps better at hiding on smartphones.
McGregor warned against downloading apps from unofficial sources since Google hasn’t been able to totally eliminate the availability of phony apps in the Play Store.