Sameer Samat, vice president of product management, Android and Google Play, speaks on stage during the annual Google I/O developers conference in San Jose, California, U.S., May 17, 2017. REUTERS/Stephen Lam

The well-being of Google Play has once again been challenged after ESET discovered another set of apps said to carry a form of malware. Google has already removed these eight apps from the store, according to the IT security company.

The apps detected by ESET were said to contain Trojan Dropper, a type of malware with anti-detection features that allow it to avoid requesting “suspicious permissions and even mimic the activity the user expects them to exhibit.” The company, however, has pointed out that the apps in question were not downloaded more than a few hundred times.

According to ESET, as soon as it is installed, the malicious app executes the first-stage payload, which in turn executes the second. It is at this stage that it downloads another malicious app through a hardcoded URL. This second app, according to the research, “is disguised as well-known software like Adobe Flash Player or as something legitimate-sounding yet completely fictional…” As soon as the user agrees to install such an app, it executes the final payload, which obtains the necessary permissions to allow the malware to work on the user’s device.

A banking trojan serves as the final payload. Malicious login forms are expected to appear, aiming to trick users into handing over important details such as their credit card accounts.

The researchers were able to obtain download statistics thanks to the final payload’s use of a URL shortener. ESET points out that “as of November 14, 2017, the link had been used almost 3000 times with the vast majority of hits coming from the Netherlands.”

Getting rid of the malware is a process that involves deactivating administrative rights for the payload, uninstalling the apps installed by the payload, and removing the apps with these names: MEX Tools, Clear Android, Cleaner for Android, World News, WORLD NEWS, World News PRO, Игровые Автоматы Слоты Онлайн and Слоты Онлайн Клуб Игровые Автоматы.

ESET’s discovery comes months after a flaw was discovered in an Android security mechanism. Security company Check Point had detected the flaw that “exposes Android users to several types of attacks, including ransomware, banking malware and adware.” Google has since responded that it is taking action in the form of fixes upon the release of Android Oreo.