This Malware Was Installed 10 Million Times on Android

This Malware Was Installed 10 Million Times on Android

Clearly the Google Play Store is no place to download apps willy-nilly. Sure, most of the options on offer are perfectly safe, but far too many malicious apps sneak in under the radar. A week after we updated you on a recent infestation comes news of another batch of apps discovered to be carrying malware — and this bunch was downloaded nearly 10 million times collectively, potentially infecting millions of Android devices. If you downloaded any of them, delete them immediately.

According to BleepingComputer, the Dr. Web antivirus team first reported these particular malicious apps, identifying 28 apps on the Play Store that contained malware designed to subscribe victims to paid services, break into social media accounts, and serve up scammy ads. While malware apps often rake in hundreds of thousands of victims, this latest group was comparatively far more “successful,” notching millions upon millions of downloads.

The “best” malware is crafty and cunning, and this batch of malicious programs is no different. When you first open one of them after installation, it presents a pop-up asking for permission to always run in the background. If you tap “Allow,” the app will be excluded from battery saver, and will continue to run even when you close out of it. To conceal their identity, they either remove their icons from your phone’s app launcher or they replace them with system icons. Apps that contain the malware strain known as Joker (which we have discussed before) will attempt to trick you into subscribing to premium services without your knowledge.

While Google has already scrubbed most of these apps from the Play Store, two still remain at the time of publication: “Water Reminder- Tracker & Reminder” by YPC Dev, and “Yoga- For Beginner to Advanced” by ALHASSAN, each with over 100,000 downloads. When BleepingComputer published their piece, “Neon Theme Keyboard” was also live, with over one million downloads to its name.

Here’s the complete list of identified malicious apps. If you have any of the following installed on your Android, uninstall it right away:

  • 4K Wallpapers Auto Changer
  • Call Skins – Caller Themes
  • CallMe Phone Themes
  • Caller Theme
  • Caller Theme
  • Cashe Cleaner
  • Emoji Keyboard: Stickers & GIF
  • Fancy Charging
  • FastCleaner: Cashe Cleaner
  • Funny Caller
  • Funny Wallpapers – Live Screen
  • InCall: Contact Background
  • MyCall – Call Personalisation
  • Neon Theme – Android Keyboard
  • Neon Theme Keyboard
  • NewScrean: 4D Wallpapers
  • Notes – reminders and lists
  • Photo & Exif Editor
  • Photo Editor & Background Eraser
  • Photo Editor – Design Maker
  • Photo Editor – Filters Effects
  • Photo Editor : Blur Image
  • Photo Editor : Cut, Paste
  • Photo Editor: Art Filters
  • Photo Editor: Beauty Filter
  • Photo Editor: Retouch & Cutout
  • Photo Filters & Effects
  • Stock Wallpapers & Backgrounds

How to protect yourself from malware on Android

While there won’t be a warning from Google letting you know an app appears to be malicious, there are signs to look out for to help ensure you don’t fall into the trap.

For starters, look closely at the app’s Play Store page. Is everything spelled correctly, or written well? Make sure the preview images are high quality, and actually advertise what the app is supposed to do. You should also skim reviews, and notice the app’s overall star rating: If there are a series of bad reviews, or five-star reviews that appear to be fake, that’s a big red flag.

The aforementioned “Neon Keyboard” app, with one million installs, had an overall rating of 1.8 stars. One review stated, “This app ‘killed’ my phone. It keep’d crashing , i couldn’t even enter password to unlock phone and uninstall it. Eventually, I had to make a complete wipe out (factory reset), to regain phone. DO NOT , install this app !!!!” That’s what they call a red flag right there.

Another tip is to check the permissions for the app in question: If the app is asking to access parts of your Android device it shouldn’t need, that’s a bad sign. A keyboard app shouldn’t need access to your location, camera, microphone, and contacts.

In general, make it a habit to not download any questionable app right away. Take your time to read through its Play Store page, and only tap “Install” if you’re confident everything checks out.




Leave a Reply