Millions of Android users have been affected by Trojan-infected apps on the Google Play Store. The malware is used, among other things, to take out paid subscriptions.
Researchers from Doctor Web point out that the Trojans are hidden in everyday, innocent-looking apps. For example, researchers discovered HiddenAds malware in games from Freezing Game Studio. The game developer released seemingly harmless games such as Agent Shooter, Rainbow Stretch and Super Skibydi Killer on the Play Store. Apps that are each infected with malware.
In addition to HiddenAds malware, the researchers also discovered apps containing FakeApp and Joker trojans. The former category is mainly filled by financial applications, often with a focus on Bitcoin and other cryptocurrencies. Wildcat Trojans are more likely to appear in more mundane services, such as background and messaging apps. Love Emoji Messenger is shown as an example of such Joker malware. That app has already collected more than 50,000 downloads. Other apps that the researchers came across managed to obtain ‘several to tens of thousands’ of downloads.
To date, the new Trojan variants are said to have claimed more than two million victims. The rapid spread is made possible by the Play Store, where rogue apps are regularly shown in lists of popular apps. At the time of writing this article, the apps mentioned by the writers were no longer available in the app store. Does this solve the Trojan problem? Certainly not. Hackers will always look for ways to hide the malware.
Is my device infected?
Each type of malware has its own effect. This is no different for the HiddenAds, FakeApp and Joker trojans. How to tell if you have installed an infected app? The behaviors for each of the Trojans mentioned are listed below.
- HiddenAds: With HiddenAds you suddenly encounter a lot of intrusive advertising, without knowing where it comes from. The disadvantage of this type of Trojan is that it knows how to hide itself. He often removes his icon from your home screen, or suddenly changes his icon to that of another well-known app such as Chrome;
- Fake App: this type of trojan is relatively self-explanatory. The app does not work as the Play Store description would have you believe. Instead, such apps usually send you to rogue websites or casinos, where they ask for investments. The developers then hope that users will fall for such requests;
- Joker: it is in principle no new form from trojan and has been used on Android for some time. With the Joker Trojan, hackers try to take out paying subscriptions at the user’s expense. To do this, they send text messages unseen to rogue services. In a more recent version of the Joker Trojan, they work with executable files that, without your knowledge, take out subscriptions. You will also not find such subscriptions in Google’s Play Store console.
With the Joker malware, it is important to keep a close eye on your monthly bill from your telecom provider. The costs should appear there. Overall, it is wise not to just download apps from the Play Store. Although Google scans apps in its app store, it does not detect all forms of malware.
Play Protect-scans
This is likely to change in the long term. Google goes realtime apps scannen that you install with Play Protect. It pays attention to suspicious circumstances. Apps that exhibit ‘suspicious behavior’ are recommended for removal.