Android App Super Free Music Player Comes with Malware Infection
Super Free Music Player, a music application in the Google Play Store, has turned out to be another malware-infected app that Google missed. So far, it has been downloaded by around 5,000 to 10,000 people.
The app was uploaded to the Play Store on 31st March this year, which means it was available for over a month before it was detected. Once the app is downloaded, the malware downloads and activates additional payloads from remote websites and uploads data from the infected Android device. The uploaded data can include reports on the installed applications, the phone's manufacturer, model, country and SDK version, and even the language set on the phone.
Sophos observed that once the app is installed, the initial download "starts a service called com.hole.content.Erpbiobuft to decrypt and drop the payload", which is run every hour after that. It checks whether it is being monitored inside TaintDroid, an Android sandbox, and sets a timer for a second bomb that will go off within 8 hours. Scmagazine.com reported on May 3rd, 2017, that the malicious payload is dropped at this time, making it possible for the app to download more malware.
The detection is part of the continuing assault of infected Android applications on the Google Play Store. For example, the FalseGuide malware was recently found infesting over 40 applications in the Google Play Store, which had been uploaded to the store from as early as Nov. 2016. They stayed hidden effectively for 5 months, accumulating as many as 2 million infected users.
BankBot, an Android Trojan, was found last month to be targeting many applications on Google Play in a wide-net effort to steal mobile users' online banking credentials. BankBot first appeared in the early part of this year, when its source code was disclosed in December. It infiltrates benign programs, thus hitching a ride to installation on users' phones.
Sophos has informed Google about the malicious app, although it also said that the best defense is simply not to download it. Cybercriminals are continuously looking for new security flaws to exploit, and individuals and organisations need to stay alert to possible threats.
» SPAMfighter News - 5/9/2017