Recently, eight malicious apps were spotted on the Google Play Store. They were created to drop multi-stage malware on Android devices. The apps, detected as Android/TrojanDropper.Agent.BKY, got past Google’s security checks and are also able to evade antivirus systems.
Fortunately, none of the eight malicious apps received more than several hundred downloads, and all were immediately removed from the Google Play Store. However, the Android users who did download the malware-laden apps, mainly in the Netherlands, reached the final stage of the malware’s attack.
The malicious apps go through four phases to load a banking Trojan. According to researchers from ESET, the malware stays hidden because it does not request any permission for administrative rights up front. It then imitates the legitimate activity that the app is supposed to perform. After the app’s installation, it stealthily decrypts and executes its malware payloads in a four-stage process. This activity is not visible to users, and most users are gullible when it comes to what look like the regular procedures of an app. These kinds of apps usually offer system optimization and other seemingly typical tasks on an Android device.
During the first phase, the malware decrypts and executes the second-stage payload, which contains a hardcoded URL. From there, it downloads the third-stage payload, which is disguised as a well-known app: Adobe Flash Player or Adobe Flash Player Update. It then displays the request to install the app for a couple of minutes, leaving victims even more puzzled. If the unsuspecting user allows the installation, the app drops its fourth and final payload, which is responsible for taking over the administrative rights of the infected device. In addition, during the final phase, the malware launches a banking Trojan that displays fake login pop-ups used to steal credentials such as usernames, passwords and other similar information.
Moreover, the malware-laden apps also show links to the notorious Android virus. “Android virus” is the term used to describe a group of malicious Android apps that are created to either steal information or encrypt the phone’s files and demand a ransom from victims. This attack is no different, as it uses the very same distribution tactic as the other Android threats attributed to Android malware.
Check any application before you download and install it. Cyber crooks have managed time and time again to get past Google’s security systems, and hackers these days always find ways to hide the presence of malware, so you may only find out when it is already too late. Moreover, this kind of multi-stage infection might also give ideas to other cyber crooks and inspire them to look for possible system vulnerabilities and exploit them to deliver another set of malware-laden apps to the tech giant’s Play Store.