Wednesday 23 August 2017

Google Removes Around 500 Malicious Apps From Play Store


Cybersecurity company Lookout researched Android apps and found around 500 malicious apps on the Google Play Store. These apps are being used to spy on users.

Security research company Lookout said: "The Lookout Security Intelligence team has discovered an advertising software development kit (SDK) called Igexin that had the capability of spying on victims through otherwise benign apps by downloading malicious plugins. Over 500 apps available on Google Play used the Igexin ad SDK. While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience. Apps containing the affected SDK were downloaded over 100 million times across the Android ecosystem."

The company observed an app downloading large, encrypted files after making a series of initial requests to a REST API at http://sdk[.]open[.]phone[.], which is an endpoint used by the Igexin ad SDK.

This sort of traffic is often the result of malware that downloads and executes code after an initially "clean" app is installed, in order to evade detection. The encrypted file downloads and the presence of calls within the com.igexin namespace to Android's dalvik.system.DexClassLoader (used to load classes from a .jar or .apk file) were enough to warrant more in-depth analysis for possible malware hiding in its payload. 
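The static indicator described above, calls to `dalvik.system.DexClassLoader` made from inside one package namespace, can be checked over smali disassembly. The following is an added example, not Lookout's tooling or code from the original post; it assumes the APK has already been disassembled to smali text (for instance with apktool), and the class and method names in the sample are constructed.

```python
import re

# Loader type named in the article; pass more types to widen the search.
LOADER_TYPES = ("Ldalvik/system/DexClassLoader;",)

CLASS_RE = re.compile(r"^\.class\s+.*?(L[\w/$]+;)\s*$")
METHOD_RE = re.compile(r"^\.method\s+.*?([\w$<>]+)\(")
INVOKE_RE = re.compile(r"^invoke-[\w/]+\s+\{[^}]*\},\s*(L[\w/$]+;)->([\w$<>]+)\(")


def find_dynamic_loading(smali_text, namespace="Lcom/igexin/", loaders=LOADER_TYPES):
    """Return sorted (class, method, call) tuples for loader calls made by
    classes whose type descriptor starts with `namespace`."""
    hits = set()
    cls = method = None
    for raw in smali_text.splitlines():
        line = raw.strip()
        if m := CLASS_RE.match(line):
            cls, method = m.group(1), None
        elif m := METHOD_RE.match(line):
            method = m.group(1)
        elif line == ".end method":
            method = None
        elif (m := INVOKE_RE.match(line)) and cls and method:
            target, callee = m.groups()
            if target in loaders and cls.startswith(namespace):
                hits.add((cls, method, f"{target}->{callee}"))
    return sorted(hits)


# Constructed sample: class and method names are hypothetical, not taken from
# the real SDK. apktool writes one .smali file per class; three are joined here.
SAMPLE_SMALI = """
.class public Lcom/igexin/sample/PluginLoader;
.method public load(Ljava/lang/String;Ljava/lang/String;)V
    new-instance v0, Ldalvik/system/DexClassLoader;
    invoke-direct {v0, p1, p2, v1, v2}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    invoke-virtual {v0, p2}, Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
.end method
.class public Lcom/igexin/sample/Config;
.method public getUrl()Ljava/lang/String;
    return-object v0
.end method
.class public Lcom/example/app/Updater;
.method public run()V
    invoke-direct {v0, p1, p2, v1, v2}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
.end method
"""

if __name__ == "__main__":
    for hit in find_dynamic_loading(SAMPLE_SMALI):
        print(hit)
```

A hit is a reason for deeper analysis, not a verdict: dynamic class loading also has legitimate uses, and as the article notes, not every SDK version delivers malicious functionality.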

Not all versions of the Igexin ad SDK deliver malicious functionality. The malicious versions implement a plugin framework that allows the client to load arbitrary code, as directed by responses to requests made to a REST API endpoint hosted at http://sdk[.]open[.]phone[.]igexin[.]com/api.php.

Using this SDK, cybercriminals are developing malware to spy on mobile users and other devices by injecting malicious code into vulnerable apps.

As soon as Google learned about these malicious apps, it instantly removed them from the Play Store.

One major issue here was that users were not able to tell that they had become victims of this malvertising.

Google introduced Google Play Protect to secure Android applications; it automatically scans an APK before the user installs it on a device. Google keeps trying to keep malicious apps out of the Play Store. Hopefully the upcoming Android Oreo will offer more protection to its users.

