Applications

This article is more than 1 year old

Devs get malicious root app militia on Play Store, sell pumped up ratings

Modders at risk

Fri 8 Jan 2016 // 03:57 UTC

Google has punted from its Play Store 13 apps, including one installed a million times and capable of gaining persistent root, downloading additional apps, and leaving fake positive reviews.

The Brain Test apps slipped past the Chocolate Factory's Google Verify Apps (formerly Bouncer) vetting system and were downloaded scores of times by users and without interaction by the malware itself.

It can gain persistence only on devices that users have rooted, a process many undertake to liberate phones from abandoned stock operating ROMs to updated and maintained community variants.

The apps contained functional and enticing games that lured users to install the initial infected app.

If root access is achieved, apps would then download other infected Brain Test apps and leave positive reviews in a bid to boost credibility.

Lookout researcher Chris Dehghanpoor says the authors are attempting to sell guaranteed app rating boosts by causing infected phones to download and review other apps.

"It seems likely that over two to three months, the malware authors used different names, games, and techniques to see what apps they could publish in Play while flying under the radar," Dehghanpoor says.

"Then, just before Christmas, a game called Cake Tower received an update [that] included a new command and control server, which was the smoking gun we needed to tie together the apps.

"Some [apps] are highly rated because they are fun to play [and] are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors."

Users infected with the rooted apps can easily remove them by reflashing ROMs through recovery consoles, a process which many who root their devices would already be familiar with.

It is the latest successful compromise of Play Store app offerings for the group. In September authors beat Bouncer to get their Brain Test app on the app shop and installed up to half a million times. ®

Topics

Special Features

Vendor Voice

Resources

Applications

Devs get malicious root app militia on Play Store, sell pumped up ratings

Modders at risk

More about

More about

Narrower topics

Broader topics

More about

More about

More about

Narrower topics

Broader topics

TIP US OFF

Other stories you might like

In-app browsers are still a privacy, security, and choice problem

Google One VPN axed for everyone but Pixel loyalists ... for now

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

Protecting distributed branch office environments from ransomware

Google sues app devs, claims they're Play Store crypto scammers with 100k+ victims

Google will delete data collected from 'private' browsing

Google fires 28 staff after sit-in protest against Israeli cloud deal ends in arrests

Japan turns up heat on Apple, Google with threat of hefty fines

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Google joins the custom server CPU crowd with Arm-based Axion chips

Google location tracking deal could be derailed by politics

Chrome Enterprise Premium promises extra security – for a fee

About Us

Our Websites

Your Privacy