Fake Google Maps App Loaded with Malware Discovered on Google Play
Android smartphone owners are being warned about fake Google Maps apps loaded with malware that have been downloaded from the Google Play Store.
The dangerous apps can trick users into granting it admin rights and direct them to scam websites on their device’s browser.
The malicious Android apps found on the Google Play Store were discovered by security experts Symantec. The notable thing about these apps is that they don’t appear as Google apps; instead, they are promoted as calculators, space clears and emoji add-ons. Once they are downloaded, the apps can disguise themselves by adopting the official Google Maps icon or the Google Play Store logo.
Discussing the apps, Symantec security experts Martin Zhang and Shaun Aimoto write, in a detailed blog post– “The Google Play app store has a reputation as the safest place online to get Android apps, and Google does a good job of advising users to limit exposure to malware and other risks by configuring their phones to forbid side-loading and alternative app markets in the Android Settings…We’ve encountered several apps in the past, however, that manage to gain access to this walled garden. The latest of these discoveries is a set of apps that has managed to reappear in the Play store even after we alerted Google and the original app was removed. The same code was published on Google Play with a slightly different name under a new publisher.”
It’s the Android.Reputation.1 malware that is spread through the apps; there are at least seven apps that spread this malware. The Symantec blog post says- “This malware (Android.Reputation.1) appears on the Play Store hidden in at least seven apps in the U.S. offering fun, useful, and sometimes insidious features. These include emoji keyboard additions, space cleaners, calculators, app lockers, and call recorders. None of the samples we analyzed actually functioned as advertised on their Google Play pages. Once the app is installed, it takes various measures to stay on the device, disappear, and erase its tracks.”
The Symantec researchers explain that the malicious apps use the same set of tricks to hoodwink the user. They’d first wait before undertaking the scam so as not to arouse suspicion and then go on to request device administrator privileges. Once installed, the apps would change their launcher icon and thus keep the user in the dark. They also deliver content (ads, URLs that redirect you to “you won” pages etc) to the device and help the hackers make money.
The offending apps have now been removed from the Google Play Store.
Kevin Jones252 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish her maiden business venture on Cybersecurity, and then to keep writing books for as long as possibly can and never miss a flight that makes the news.