At least five apps, clones of the deceased Showbox app, have popped up in the Galaxy Store, Max Weinbach of Android Police reported via Twitter.
The apps themselves don’t directly contain malicious code, but they could be used as a stepping stone. In fact, their design implies that they do serve the purpose of a gateway towards more serious mobile malware.
Galaxy store risk
Speaking to Android Police, security researcher linuxct explained that two of the apps can do dynamic code execution, which means they can download and execute other, potentially malicious code.
Knowing the fact that “there are very few legitimate use cases for this functionality”, as well as the fact that it could be weaponized “easily”, it’s safe to assume that was the point, in the first place.
"So at any moment it may become a trojan/malware, hence it's unsafe and thus why so many vendors flagged it in VT/Play Protect," linuxct explains.
The good news is that Google’s Play Protect, essentially a mobile antivirus that scans incoming apps for signs of trouble, triggers a warning when the user tries to install any of the apps. The bad news is, given that the apps reside on Samsung’s official store, people could be ignoring the warning. In fact, the apps cumulatively have hundreds of reviews, which could mean that they have plenty of downloads. Unfortunately, Samsung doesn’t count downloads from its app store, so it’s impossible to say at this point.
Some of the reviews do stress that the apps trigger the warning.
Android Police added that all of the apps are clones of Showbox, an old app that was accused of enabling piracy, but has been dead for at least two years, and is unavailable on all main app stories..
- We've also featured the best rugged smartphones
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.