Ghost apps live on to torment Android users (ZDNet)


There’s currently no means of app stores recalling malicious apps which have already been downloaded.

Image: iStock

As many as half a million Android users could be at risk from hacking, phishing and other threats because still using apps they’ve downloaded from Google Play which have since been removed from the store.

With more than two million apps available to download from Android’s official store, sometimes malicious apps find their way through the initial screening process and are only identified as dangerous after they’ve been downloaded by users.

Recent examples include the data-stealing Charger ransomware, which disguised itself as a battery saver app, and the Dresscode spy malware which hid in plain sight within the Google Play store as games, skins, themes, and phone optimization boosters.

In both of these cases – and more – the malicious apps were identified by cybersecurity researchers then removed from the official app store.

However, while Google might eventually remove these threats from Play, users which have mistakenly installed malicious apps from the official Android store aren’t told about the risk. Security company McAfee said 4,000 apps have been removed from Google Play during the last year without users being notified. Some were malicious, others were abandoned by their developers.

“Dead apps need recall notices like other defective products,” said McAfee.

According to telemetry data collected by McAfee Mobile Threat Research, more than 500,000 Android devices still have these ghost apps installed, meaning that these users – and the organisations they work for – are still potentially exposed to malware and data breaches.

One such threat is trojan designed for stealing passwords, disguised as an app which offered to help users gain Instagram followers. Once downloaded from Google Play, the malicious app directed the user to a fake Instagram login site which stole their login credentials.


The fake Instagram app steals user credentials.

Image: Intel Security

Another threat is a trojanized photo app called ‘I Love Filter’ which purports to have been downloaded over a million times. Once downloaded and installed, the app requests users ‘upgrade to VIP’ which triggers the continious sending of text messages to premium rate numbers, as well as providing the malicious software with the ability to carry out additional attacks.

Despite being malicious, the app is rated at is rated 3.5 out of 5.0 on Google Play, something which McAfee researchers say demonstrates “that the rating system is not enough to go on when it comes to evaluating apps and threats” – and that Google should inform users that they’re still using a malicious app.

“It’s time for app store curators to notify those users impacted to help keep them secure and protect their privacy,” the report recommends.

But until this happens, users need to remain vigilant about what they’re downloading, even if it comes from an official source.

“To avoid losing personal data to dead apps, consumers need to pay close attention to the apps they’ve downloaded and research the developer and reviews about any app before installing it,” says Raj Samani, EMEA CTO of Intel Security, the parent company of McAfee.

ZDNet contacted Google, but hadn’t received a reply at the time of publication.


Source: SANS ISC SecNewsFeed @ February 28, 2017 at 10:42AM