More malware found on Google Play Store

Next story
Olivia Storey

Google’s Play Store security systems are being evaded by malicious apps from the BankBot malware family.

The applications ‘Earn Real Money Gift Cards’ and ‘Bubble Shooter Wild Life’ were found to have been uploaded by the same author and both contain malware from the BankBot family and download additional apps.

The Bubble Shooter app is successful by abusing google play accessibility service, by using the android’s accessibility permission to install additional apps without the user’s knowledge.

Once the app is started it asks permission to draw over other apps in order for the user to play the game. After a 20 minute interval, the app then repeatedly shows system alerts from Android OS which are actually the malicious service disguised to look authentic.

By pressing ‘OK’ the malware opens what looks like the Android accessibility menu showing the ‘Google Service’ turned off, however, what they are seeing is the malware’s version of the accessibility centre.

By allowing ‘Google Service’, it pops up with google terms & conditions but these are also fraudulent. When confirmed, you are then asked of services required by the app, which the average user is most likely to accept, giving permission for accessibility of the malware to your device.

Lukas Stefanko, ESET Malware Researcher, explains the best possible way for Android users to detect malicious apps like this, and what to do if you have been infected by malware.

“Google Play Store is one of the most secure Android market places there is, however, bad guys always try to find new ways to bypass Play Store security systems.

“They bypass by using different or new malicious techniques or a combination of them, like in this case using a 20 minute timer and misusing accessibility services.

By simply scanning apps with a trustworthy antivirus scanner before uploading them on Play Store could increase its security and prevent malware from spreading.

“In order to remove malware from devices, at first the victim needs to turn off Accessibility for infiltration by going to Settings -> Accessibility -> Google Service.

“After this is done, the user can simply uninstall aforementioned apps from Settings -> Apps.”

Do you use other Android app stores besides Google Play? Let us know on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.