Skip to main content

Millions of Android devices infected with wallet-draining malware

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)
Audio player loading…

Researchers have discovered another batch of seemingly innocent Android apps that are actually designed to push malware onto the endpoints (opens in new tab), and rake up expenses to the unsuspecting victims. 

The latest batch included wallpaper apps, keyboards, photo editors, video editors, and an occasional cache cleaner or system maintenance apps, was discovered by the Dr. Web antivirus (opens in new tab) team, and have more than 10 million downloads between them.

Overall, 28 apps were found on the Google Play Store, having somehow managed to bypass Google’s strict security policies. 

Android apps hacked

As for the damages, the practice is more or less the same. Once installed, most apps will try to hide, changing their appearance in the app drawer to that of a system app. That way, they hope the users would be discouraged from uninstalling them. Then, the apps would push ads, and try to sign up the victim to various premium services, to rake up additional expenses.

None of this would have been possible if users wouldn’t give the apps the necessary permissions. Even though the apps are simple in design (and actually do what they’re advertised to do), they often ask the users for advanced permissions, such as the permission to be excluded from the battery saver feature, so that they can remain operational in the background even when terminated by the user - which itself is a major red flag.

Most of the apps have already been removed from the Play Store, but three remain. Still, even if all of the apps were removed, they have still been downloaded millions of times, and until all victims remove them from their devices, they’ll continue to be a threat.

With malicious apps getting good at hiding in plain sight, downloading exclusively from known sources is no longer the only advice. Users should also read through the reviews, as they are a good indicator of the apps’ legitimacy. Also, make sure to check there are plenty of reviews, as threat actors can sometimes spoof some of them. If an app only has a handful of reviews, it's best to stay away. 

Here is the full list of malicious apps discovered by the researchers:

  • Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
  • Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  • Photo Editor - Design Maker (gb.twentynine.redaktoridea)
  • Photo Editor & Background Eraser (de.photoground.twentysixshot)
  • Photo & Exif Editor (de.xnano.photoexifeditornine)
  • Photo Editor - Filters Effects (de.hitopgop.sixtyeightgx)
  • Photo Filters & Effects (de.sixtyonecollice.cameraroll)
  • Photo Editor : Blur Image (de.instgang.fiftyggfife)
  • Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (com.neonthemekeyboard.app)
  • Neon Theme - Android Keyboard (com.androidneonkeyboard.app)
  • Cashe Cleaner (com.cachecleanereasytool.app)
  • Fancy Charging (com.fancyanimatedbattery.app)
  • FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
  • Call Skins - Caller Themes (com.rockskinthemes.app)
  • Funny Caller (com.funnycallercustomtheme.app)
  • CallMe Phone Themes (com.callercallwallpaper.app)
  • InCall: Contact Background (com.mycallcustomcallscrean.app)
  • MyCall - Call Personalization (com.mycallcallpersonalization.app)
  • Caller Theme (com.caller.theme.slow)
  • Caller Theme (com.callertheme.firstref)
  • Funny Wallpapers - Live Screen (com.funnywallpapaerslive.app)
  • 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
  • Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
  • Notes - reminders and lists (com.notesreminderslists.app)
  • Stay safe by deploying state of the art firewalls (opens in new tab) today

Via: BleepingComputer (opens in new tab)

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.