Google Play detected a new batch of disguised malware. It is better to remove before it’s too late
Specializing in Japanese security company Trend Micro discovered a selection of SEO tools and utilities in the online store Google Play, which can download 3 thousands different variants of malicious code and infect the smartphone.
The app is quite popular, the total number of installations reached 470 thousand. Google has removed them from Google Play, but they can remain on smartphones.
The attackers took care of the positive reviews in Google Play, so users are not afraid to install apps from unknown developers. Positive reviews are published from infected devices and provide a high rating. Applications launch hype and can log in to a user account in Google and Facebook.
3 thousands of variations of malicious code disguised as system applications. As a result, the launcher and the app list, they do not appear. The user may not even know that the smartphone is infected.
Application can without the user’s knowledge to take screenshots, change settings, open links, record audio, make calls, steal contact list, send, receive and delete messages, lock the device to obtain location data, encrypt files, receive remote commands via Twitter and Telegram, and so on.
These applications were the most popular in Japan, Israel, Taiwan, USA, India and Thailand. The list includes:
- Shoot Clean Junk Cleaner, Phone Booster, CPU Cooler — downloads 10 000+
- Super Clean Lite — Booster, Clean&CPU Cooler — 50 000 downloads+
- Super Clean Phone Booster,Junk Cleaner&CPU Cooler — downloads 100 000+
- Quick Games-H5 Game Center — downloads 100 000+
- Rocket Cleaner — downloads 100 000+
- Rocket Cleaner Lite downloads 10 000+
- Speed Clean-Phone Booster,Junk Cleaner&App Manager — downloads 100 000+
- LinkWorldVPN — downloads 1 000+
- H5 gamebox downloads 1 000+