Android warning against malicious apps on Samsung Galaxy Store

Analysis reveals apps mimicking Showbox streaming service have code that can compromise user information

South Korea's Samsung is the world's largest vendor of mobile phones. AFP

Google's Android operating system is warning users of Samsung devices against installing certain Galaxy Store apps that apparently contain malicious code.

The issue, first flagged by Android Police, is linked to Showbox, a now-defunct movie piracy platform. Apps mimicking Showbox have made their way into the Galaxy Store, with makers betting the previous success of the original app would appeal to a set of users.

The "Blocked by Play Protect" dialog box pops up when a user attempts to install the app, with the standard "This app may be harmful" warning.

Cybersecurity aggregator VirusTotal, in an analysis of one of the Showbox clones, revealed more than a dozen low-grade alerts, ranging from riskware to adware. Some of the apps also request more permissions than usual.

A security analyst that goes by the name "linuxct" said that while the app in question may not directly contain malware as it is distributed, it can download and execute other code, possibly including malware.

"So at any moment it may become a trojan/malware, hence it's unsafe and thus why so many vendors flagged it in VT/Play Protect," the analyst added.

The National could not verify the issue on a couple of Samsung devices, the Galaxy S20 FE 5G and the more recent Galaxy Z Flip3, both with the latest versions of the Galaxy Store. Searching for "Showbox" did not return any relevant results; and trying to install less-heralded apps similar to it did not trigger any warning.

It is unclear, at the time of writing, whether this has been patched or the availability of the Showbox clones is on a regional basis.

Malware infections are a serious issue that put user data at risk, from simple personal information such as birthdays and e-mails to sensitive ones such as passwords and bank account numbers.

On a corporate level, certain types of infection could result in the complete breakdown of the network or the loss of business critical data, according to cybersecurity company Kaspersky.

Ransomware, the most common type of malware, is predicted to cost its victims more than $265 billion annually by 2031, according to a 2021 report from Cybersecurity Ventures. It estimated that it would cost users around $20bn last year, 57 times more than in 2015.

South Korea's Samsung, the world's biggest mobile phone vendor, has not officially responded to the issue.

Showbox became popular as it gave users free access to movies and TV shows, but has been taken down several times for distributing illegal or pirated content.

Updated: January 5th 2022, 4:45 PM