Google gives the boot to more malware-laden apps posing as games for kids

Google has removed another eight apps from the Play Store after researchers determined hackers had been using the games and utility programs to spread malicious software.

Users who downloaded the eight Android apps thought they were adding new features for their camera, or installing games meant for kids. In fact the apps, which had been downloaded some 50,000 times, either enrolled victims in expensive premium services without their consent, or installed the “Haken” malware, which siphons user data, researchers from Check Point Software Technologies said in a blog post Friday.

The announcement came one day after BuzzFeed News reported that Google had scrubbed another 600 apps that had pushed out “disruptive” advertisements.

It’s the latest in a long game of Whac-A-Mole between the security team overseeing the Play Store and the scammers trying to exploit the app marketplace’s credibility to reach as many victims as possible. Yet the latest revelations also demonstrate that, even after Google hired three mobile security firms to help keep the Play Store stocked only with legitimate apps, outsiders are looking for new ways inside.

“There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily, which makes it difficult to check if every single app is safe,” Ran Schwartz, a product manager on Check Point’s threat prevention team, said in a blog post.

As in previous cases, profiting from advertising fraud was the motive behind this batch of malicious apps.

With names like “Kids Coloring,” “Fruit Jump Tower,” and “Ball Number Shooter,” the apps functioned as advertised. But they also included so-called clicker malware that covertly clicked on any ads that appeared on infected phones. The effect was to boost the value of ads in the apps, enlist users in paid services and steal information that users would otherwise prefer to keep private.

“These apps also use a variety of techniques to avoid detection by the alliance’s security teams, including code obfuscation and delayed downloads of malicious payloads,” the Check Point analysis went on.

All of the flagged apps have since been removed.