Symantec discovers seven malicious apps sneaked back onto Google Play with different names.
Researchers have discovered a set of malicious apps on the Google Play Store that are reappearing after being removed by simply changing their names.
Malware identified as Android.Reputation.1, a Trojan first encountered in 2014, has been found in new iterations of at least seven apps on the Play Store after Google was previously alerted to them.
These new apps, featuring under a different publisher, carry the same code but are listed under an altered name, according to researchers from security company Symantec. The apps offer an array of features including emoji keyboard add-ons, calculators, call recorders, and storage space cleaners.
“The Google Play app store has a reputation as the safest place online to get Android apps,” wrote Symantec’s Martin Zhang, principle software engineer, and Shaun Aimoto, technical product owner, in a blogpost, adding: “And Google does a good job of advising users to limit exposure to malware and other risks by configuring their phones to forbid side-loading and alternative app markets in the Android Settings.
“We’ve encountered several apps in the past, however, that manage to gain access to this walled garden. The latest of these discoveries is a set of apps that has managed to reappear in the Play store even after we alerted Google and the original app was removed.”
The apps, once installed, take measures to stay on the device, disappear and wipe their tracks, including waiting for hours before launching malicious activity to avoid arousing suspicion and requesting admin privileges – using the Google Play icon when doing so to feign legitimacy.
https://www.pcauthority.com.au/news/malware-hiding-android-apps-apps-return-to-google-play-after-a-simple-name-change-490965