Spurt of Malicious Applications Seen in Google Play Store
Security company ESET found 8 applications available for download from the Google Play Store, each containing a Trojan Dropper. A Trojan Dropper is a malicious program that lets attackers install additional malicious payloads on top of what is already installed. These extra payloads vary, ranging from spyware to banking Trojans.
Posing as applications such as system cleaners and news aggregators, these apps appeared genuine but used obfuscation and delayed installation of the payload to conceal their malicious nature.
After the initial download, the application does not request the suspicious permissions associated with malware; at first it imitates the tasks the end-user expects.
Meanwhile, the application covertly unlocks its payload and runs it in multiple steps. In this way the first-stage and second-stage payloads are unlocked and executed. The second-stage payload contains a hard-coded URL that the malware uses to download the third-stage payload, which consists of another malicious application.
All of this happens without the end-user knowing anything until 5 minutes have passed, when the user is asked to install or update an application. That application is disguised as coming from Android or Adobe Flash Player, while in reality it is the malware's third stage of installation.
The installation seeks consent to carry out intrusive operations, namely receiving and sending text messages, reading contacts, and deleting or modifying the contents of storage. If consent is granted to install the update, the Trojan Dropper serves the third-stage payload, which unlocks and runs the final malicious payload, the actual malicious software.
As soon as the Trojan Dropper is planted on the system, it is used to load additional malware; for example, it tries to load different kinds of spyware and the banking Trojan MazarBot. However, according to the security researchers, it can be used to serve whatever rogue payload the attacker chooses.
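The third-stage pattern described above (a fake Android or Adobe Flash Player update that asks for SMS, contacts and storage access and is installed by something other than Google Play) can be expressed as a triage check over an installed-app inventory. This is an added example, not code from ESET or the original article; the record fields, package names and label keywords are assumptions, and the sample inventory is constructed.

```python
# Added example: constructed data, hypothetical package names and record fields.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Permissions the article says the fake update asks for.
INTRUSIVE = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
# Label keywords for the disguise the article names (exact strings are assumed).
LURES = ("adobe", "flash player", "android update")

def triage(app):
    """Return the reasons one installed-app record matches the third-stage pattern."""
    reasons = []
    if app.get("system"):  # preinstalled apps report no installer; skip them
        return reasons
    label = app["label"].lower()
    if any(word in label for word in LURES):
        reasons.append("label imitates Android / Adobe Flash Player")
    hits = INTRUSIVE & set(app["permissions"])
    if len(hits) >= 3:
        names = sorted(p.rsplit(".", 1)[1] for p in hits)
        reasons.append("requests " + ", ".join(names))
    if app.get("installer") != PLAY_STORE:
        reasons.append("installed by %s, not Google Play" % (app.get("installer") or "unknown"))
    return reasons

def suspicious(apps, threshold=2):
    """Map package name -> reasons for every record with >= threshold signals."""
    return {a["package"]: triage(a) for a in apps if len(triage(a)) >= threshold}

SAMPLE = [  # constructed inventory
    {"package": "com.example.newsreader", "label": "Daily News",
     "installer": PLAY_STORE, "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.smsplus", "label": "Messages Plus", "installer": PLAY_STORE,
     "permissions": ["android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
                     "android.permission.READ_CONTACTS"]},
    {"package": "com.example.fp_update", "label": "Adobe Flash Player",
     "installer": "com.example.cleaner", "permissions": sorted(INTRUSIVE)},
]

if __name__ == "__main__":
    for pkg, why in suspicious(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```

Requiring two signals keeps a legitimate messaging app from Google Play, which needs the SMS and contacts permissions, out of the flagged set.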
Google asserts that its security process is very robust at stopping malware from entering its Play Store, and that it keeps the 1.4bn Android users who visit Play safe from malware.
» SPAMfighter News - 22-11-2017