Malicious apps among the most common Android threats, new study finds

These apps push intrusive ads, subscribe users to premium services against their will and hack into their social media accounts

Adware trojans are built into apps such as image editing tools, virtual keyboards, calling apps and wallpaper collection apps to trick users into downloading them, a new report found. Photo: The National
Beta V.1.0 - Powered by automated translation

Malicious apps remained among the most widespread threats to Android devices in June, according to a new report by antivirus software maker Dr Web.

Analysts discovered dozens of malicious apps on Google Play, including adware trojans, fake apps used by scammers, information stealers that seek out confidential data, among others, the report said.

The adware trojans were built into apps such as image editing tools, virtual keyboards, system tools and utilities, calling apps and wallpaper collection apps, the research revealed.

“These apps push intrusive ads, subscribe users to premium services and steal social media accounts,” Dr Web said.

Global malware attacks rose about 11 per cent annually to more than 2.8 billion in the first half of 2022, the first rise in such incidents in more than three years, a study by cyber security company SonicWall found.

Malware — a programme typically designed to disrupt or gain unauthorised access into a system — constitutes one of the biggest threats in the IT industry.

It is part of the wider cyber crime sector projected to cause global financial damages of about $10.5 trillion by 2025, according to Cybersecurity Ventures.

Some malicious apps found by Dr Web analysts include Photo Editor: Beauty Filter, Emoji Keyboard: Stickers & Gif, Neon Theme Keyboard, Cache Cleaner and Funny Caller, among others.

To display ads, some of these apps request permission to show windows over other apps, while the remainder ask users to add them to the exclusion list of the battery-saving feature, Dr Web said.

In addition, to make it more difficult for users to detect malicious apps in the future, the trojans hide their icons from the list of installed apps in the home screen menu — or, they replace the icons with less noticeable ones.

For example, the icon named SIM Toolkit, which when selected, launches an eponymous system app for working with SIM cards — instead of the original app, the study said.

Dr Web’s researchers also found malicious apps on the Play Store that infect users’ devices with the infamous Joker malware. They are capable of downloading and executing arbitrary code and subscribing victims to paid mobile services without their knowledge.

One of them was hidden in third-party launcher Poco Launcher, while another was in the 4K Pro Camera app. A third was in the Heart Emoji Stickers collection app, the report found.

Other malicious apps discovered by Dr Web’s researcher are designed to steal data that can be used to hack Facebook accounts.

These two apps (YouToon — AI Cartoon Effect and Pista — Cartoon Photo Effect) disguise themselves as image editing tools that can apply cartoon filters over regular images.

Both apps have been designed to steal data from your Android smartphone that can be used to hack into your Facebook account.

Upon launching, the apps ask potential victims to log in to their accounts and then load a genuine Facebook authorisation page. Next, they hijack the authentication data and send it to malicious parties, according to Dr Web researchers.

Other malware apps are Water Reminder — Tracker & Reminder, which purportedly helps users drink more water and stay hydrated, and Yoga — For Beginner to Advanced, a yoga curriculum app.

They decrypt and launch the malicious component hidden inside file resources, which covertly load various websites. Next, this component simulates user actions and automatically clicks on interactive elements located on these sites — for example, banners and advertisement links, the Dr Web report said.

Another threat uncovered was a fake app for online communication called Chat Online, according to the research.

The app loads different websites, including fraudulent ones. Some of them simulate the process of registering for online services and potential victims are asked to provide their mobile phone number, email and other personal data. This information could subsequently end up on the black market and be used by scammers, the study revealed.

“On other websites, a dialogue with a real person is imitated, and the user is then asked to pay for full premium access to continue chatting. Any user agreeing to this can end up not only having their account debited for a one-time set amount or being subscribed to a paid service they don’t need, but also losing all their money — if cybercriminals get hold of their bank card details,” Dr Web researchers said.

Full list of malicious apps found by Dr Web

  • Photo Editor: Beauty Filter
  • Photo Editor: Retouch & Cutout
  • Photo Editor: Art Filters
  • Photo Editor — Design Maker
  • Photo Editor & Background Eraser
  • Photo & Exif Editor
  • Photo Editor — Filters Effects
  • Photo Filters & Effects
  • Photo Editor: Blur Image
  • Photo Editor: Cut, Paste
  • Emoji Keyboard: Stickers & GIF
  • Neon Theme Keyboard
  • Neon Theme — Android Keyboard
  • Cache Cleaner
  • FastCleaner: Cache Cleaner
  • Call Skins — Caller Themes
  • Funny Caller
  • CallMe Phone Themes
  • InCall: Contact Background
  • MyCall — Call personalisation
  • Caller Theme
  • Caller Theme
  • Funny Wallpapers — Live Screen
  • 4K Wallpapers Auto Changer
  • NewScrean: 4D Wallpapers
  • Stock Wallpapers & Backgrounds
  • Notes — reminders and lists
Updated: July 30, 2022, 9:02 AM