Trojan detected in 8 apps on Google Play downloaded by more than 2 million users

mobile phones, 18.11.2024, 13:30 PM

Eight Android apps in the Google Play Store, downloaded by millions of users, contain the Android.FakeApp Trojan that steals user data.

Russian cyber security company Dr. The web has discovered several Android apps in the Google Play Store that contain the Android.FakeApp.1669 (aka Android/FakeApp) trojan. These applications, which are presented as practical applications such as financial tools, planners and recipe books, contain hidden malware that redirects users to certain websites, compromising their data. More than 2 million users have downloaded these infected apps from Google Play.

Android.FakeApp.1669 is part of the Android.FakeApp trojan family, a group of malware that usually redirects users to various websites disguised as legitimate applications. However, this variant is particularly interesting due to its reliance on a modified dnsjava library that allows it to receive commands from the malicious DNS server, which provides the target link. Instead of the feature advertised by the app, this link is displayed on the user’s screen, often pretending to be an online casino or other website.

According to the report dr. Web, malware is activated only under certain conditions. If the infected device is connected to the Internet through certain mobile providers, the DNS server will send a configuration to the application, which contains a link that is loaded within the WebView interface of the application. When not connected to targeted networks, the application functions as expected, making it difficult for users to detect.

In January 2018, the Android.FakeApp Trojan was first discovered in a fake Uber app for Android. Later, in March 2018, the same malware targeted Facebook users. In May 2020, a fake mobile version of the game Valorant was spreading Android.FakeApp just as the official version was due to be released that summer.

The investigation of Dr. The web has discovered several apps in the Google Play Store, some with a large number of downloads, infected with Android.FakeApp.1669. Although Google removed some of these apps, millions of users installed them before the removal.

On the list of applications identified by malware analysts of the company Dr. Web are: Split it: Checks and Tips (downloaded over 1 million times), FlashPage parser (over 500,000 downloads), BeYummy – your cookbook (over 100,000 downloads), Memogen (100,000 downloads, now removed from Google Play), Display Moving Message (100,000 downloads), WordCount (100,000 downloads), Goal Achievement Planner (100,000 downloads), DualText Compare (100,000 downloads), Travel Memo (100,000 downloads, now removed from Google Play), DessertDreams Recipes (50,000 downloads) and Score Time (10,000 downloads, now removed from Google Play).

Once it infects a device, the Trojan collects specific data from the device, such as screen size, device model and manufacturer, battery percentage, device ID, which includes installation time, and a random number. This data allows the server to tailor its response for each infected device. Once the device meets the connection criteria, Android.FakeApp.1669 downloads and decrypts data from the DNS server, eventually loading a link that redirects to an unwanted website, usually an online casino.

Given the high number of downloads, Android users should take some steps to protect themselves. First, if you have installed any of the listed apps, uninstall them immediately, as well as other similar apps that exhibit suspicious behavior.

Read app reviews – Many users have left negative reviews about these apps, noting that the apps show unwanted ads and freeze their devices.

Use reliable security software, and regularly checking app permissions is another important step. Users should review the permissions requested by applications, avoiding any unnecessary access that could compromise device security. In addition, regularly updating your device and apps can help prevent certain malware infections, as updates often include important security patches.

Finally, download apps with caution, even from official sources like Google Play.

Photo: Daniel Romero | Unsplash