Google Play Store hacked, apps infiltrated: users warned
Although Google has taken steps to secure its Play Store and stop malicious activity, hackers have found ways to infiltrate the app store and access users’ devices.
Millions of mobile phone users have unintentionally downloaded malicious apps that have the ability to compromise their data, credentials, emails, text messages, and geographical location.
For example, in February 2020, the Haken malware family was installed on over 50,000 Android devices by eight different malicious apps, all of which initially appeared to be safe.
Recently, Check Point's researchers identified a new malware family that was operating in 56 applications and downloaded almost one million times worldwide.
With the goal of committing mobile ad fraud, the malware dubbed 'Tekya' imitates the user’s actions in order to click ads and banners from agencies like Google's AdMob, AppLovin, Facebook, and Unity.
Twenty-four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on).
“To us, the amount of applications targeted and the sheer number of downloads that the actor successfully infiltrated into Google Play is staggering,” Aviran Hazum, Manager of Mobile Research at Check Point, said.
“Combine that with a relatively simple infection methodology, it all sums up to the learning that Google Play Store can still host malicious apps,” Hazum added.
“It is difficult to check if every single application is safe on the Play Store, so users cannot rely on Google Play’s security measures alone to ensure their devices are protected.”
The Tekya malware obfuscates native code to avoid detection by Google Play Protect and utilises the 'MotionEvent' mechanism in Android (introduced in 2019) to imitate the user’s actions and generate clicks.
During this research, the Tekya malware family went undetected by VirusTotal and Google Play Protect. Ultimately, it was available in 56 applications downloadable on Google Play.
This campaign cloned legitimate popular applications to gain an audience, mostly with children, as most application covers for the Tekya malware are children's games. The good news is, these infected applications have all been removed from Google Play.
However, this highlights once again that the Google Play Store can still host malicious apps. There are nearly three million apps available from the store, with hundreds of new apps being uploaded daily – making it difficult to check that every single app is safe.
Thus, users cannot rely on Google Play’s security measures alone to ensure their devices are protected.