A new batch of malicious Android apps filled with adware and malware was found on the Google Play Store that have been installed close to 10 million times on mobile devices.
The apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. However, their underlying functionality is to push intrusive ads, subscribe users to premium services, and steal victims' social media accounts.
The discovery of these malicious apps comes from the Dr. Web antivirus team, who highlighted the new threats in a report published today.
Google has removed the vast majority of the presented applications, but at the time of writing this, three applications remain available for download and installation via the Play Store.
Also, if you installed any of these apps before their removal from the Play Store, you will still need to uninstall them from your device manually and run an AV scan to clean any remnants.
The new malicious Android apps
The adware apps discovered by Dr. Web are modifications of existing families that first appeared on the Google Play Store in May 2022.
Upon installation, the apps request permission to overlay windows over any app and can add themselves to the battery saver's exclusion list so they can continue running in the background when the victim closes the app.
Additionally, they hide their icons from the app drawer or replace them with something resembling a core system component, like "SIM Toolkit".
The full list of adware apps can be found at the bottom of the article, but one notable example still on the Play Store is 'Neon Theme Keyboard,' which has over a million downloads despite the 1.8-star score and many negative reviews.
"This app "killed" my phone. It keep'd crashing , i couldn't even enter password to unlock phone and uninstall it. Eventually, I had to make a complete wipe out (factory reset), to regain phone. DO NOT , install this app !!!!," read a review of the app on the Google Play Store.
The second category of malicious apps found on the Play Store is Joker apps, known for incurring fraudulent charges on victims' mobile numbers by subscribing them to premium services.
Two of the listed apps, 'Water Reminder' and 'Yoga – For Beginner to Advanced,' are still on the Play Store, having 100,000 and 50,000 downloads, respectively.
Both provide the promised functionality, but they also perform malicious actions in the background, interacting with invisible or out-of-focus elements loaded via WebView and burdening the users with charges.
Finally, Dr. Web highlights two Facebook account stealers distributed in image editing tools that apply cartoon filters over regular images.
These apps are 'YouToon – AI Cartoon Effect' and 'Pista – Cartoon Photo Effect,' which have been collectively downloaded over 1.5 million times via the Play Store.
BleepingComputer has contacted Google about the malicious apps remaining on the Play Store but has not heard back at this time.
Staying safe on the Google Play Store
Android malware will always find a way to creep into the Google Play Store, and sometimes apps can stay there for several months, so you should not blindly trust any app can blindly trust no apps.
Due to this, it is vital to check user reviews and ratings, visit the developer's website, read the privacy policy, and pay attention to the requested permissions during installation.
Additionally, always ask yourself if the promised functionality is necessary to you, as keeping the number of apps on your phone at a minimum is a reliable way to reduce the chances of malware infections.
Finally, ensure that Play Protect is active on your device and regularly monitor your internet data and battery consumption to identify any suspicious processes that run in the background.
As previously stated, users should also check to see if they have any of the following Android adware apps install on their devices, and if found, manually remove them and scan for viruses.
- Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
- Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
- Photo Editor: Art Filters (gb.painnt.moonlightingnine)
- Photo Editor - Design Maker (gb.twentynine.redaktoridea)
- Photo Editor & Background Eraser (de.photoground.twentysixshot)
- Photo & Exif Editor (de.xnano.photoexifeditornine)
- Photo Editor - Filters Effects (de.hitopgop.sixtyeightgx)
- Photo Filters & Effects (de.sixtyonecollice.cameraroll)
- Photo Editor : Blur Image (de.instgang.fiftyggfife)
- Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
- Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
- Neon Theme Keyboard (com.neonthemekeyboard.app)
- Neon Theme - Android Keyboard (com.androidneonkeyboard.app)
- Cashe Cleaner (com.cachecleanereasytool.app)
- Fancy Charging (com.fancyanimatedbattery.app)
- FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
- Call Skins - Caller Themes (com.rockskinthemes.app)
- Funny Caller (com.funnycallercustomtheme.app)
- CallMe Phone Themes (com.callercallwallpaper.app)
- InCall: Contact Background (com.mycallcustomcallscrean.app)
- MyCall - Call Personalization (com.mycallcallpersonalization.app)
- Caller Theme (com.caller.theme.slow)
- Caller Theme (com.callertheme.firstref)
- Funny Wallpapers - Live Screen (com.funnywallpapaerslive.app)
- 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
- NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
- Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
- Notes - reminders and lists (com.notesreminderslists.app)
Comments
Dr. Technical - 1 year ago
We should have expected this...You cannot trust the various app stores to successfully protect you from malware embedded in apps they offer in their stores. After all, apps are being created by just about anyone with a computer, regardless of whether they have had any formal training in program development and security best practices. So the quality of apps being submitted will run the gamut, from well-crafted, efficient and worthwhile apps, to festering heaps of monkey spit that shouldn't run on anyone's device, let alone make it into an app store where it can ruin the devices of thousands of unsuspecting users, who foolishly trust Google, Microsoft and Apple to prevent bad apps from making it to the store in the first place.
RiddickABSent - 1 year ago
And what else can you expect from applications with "whistles and fakes"?
Bryndan_W_Meyerholt - 1 year ago
I feel as if Google should have law enforcement involved about the issue…