Malicious apps posing as legitimate ones on the Google Play Store are nothing new. This time, however, a set of such apps has been spotted impersonating app security scanners.
What’s going on?
Various new strains of Brazilian Remote Access Tool Android (BRATA), an Android malware family, were found to propagate a backdoor capable of stealing confidential information. These apps typically target users in Brazil, the U.S., and Spain, and have been installed somewhere between 1,000 and 5,000 times. Besides the BRATA variants, another malicious app, DefenseScreen, was installed more than 10,000 times before being removed from the Play Store.
A little bit of history
- First spotted in 2018, BRATA became a banking trojan.
- It is disseminated entirely via Google Play, which enables attackers to lure unsuspecting users by notifying them of a non-existent security issue that can supposedly be solved by downloading a malicious app.
Other malware on Google Play
- A wormable Android malware, FlixOnline, was disguised as the Netflix app and was capable of monitoring a victim’s WhatsApp notifications and sending automatic replies to incoming messages.
- Last month, the Clast82 dropper was found hidden in nine legitimate Android utility apps and distributed via the Play Store.
The bottom line
You can no longer trust an app just because it is on the Google Play Store. Remember that all your apps are updated via the Play Store, so you don’t need to grant permission to a third party to update them. Android accessibility services are being abused on a daily basis, and research suggests that malware like BRATA will evolve with better obfuscation techniques and new capabilities.