Apps downloaded from official app stores are usually considered safe, but hackers have tricks up their sleeves to abuse legitimate sources and evade detection. Recently, researchers exposed a cyber-operation involving malicious apps hidden inside the hollow shell of photo editing apps.

Bringing blur apps into focus

In July, the Satori team discovered 29 apps on the Google Play Store containing code that facilitated out-of-context (OOC) ads.
  • The nefarious cyber-scheme, named ‘Chartreuse Blur’, tried several techniques to hide the malicious nature of the apps.
  • The campaign used several domains and bogus apps to draw a high traffic volume. The operators hid the malicious code in a three-stage payload evolution so that none of the code appears problematic until stage three.
  • To prevent deletion, right after installation, the app icon disappeared from the device’s home screen, making it incredibly difficult for users to find and uninstall the app.
  • The apps, with over 3.5 million total downloads from the Google Play Store, bombarded the compromised device with OOC ads whether or not the fraudulent app was open.

Recent malicious apps on Google Play Store

Malware developers have been using several innovative tactics to get mobile applications containing malicious payloads approved by Google Play Store security. In some instances, hackers even used fake COVID-19 apps to infect users.
  • In July 2020, the Joker malware slipped past the Play Store’s security and vetting barriers with small changes to its code. Google found and removed 11 apps infected with the notorious Joker malware from the Play Store.
  • In May 2020, with the help of an algorithm called CreepRank, Google identified and removed 813 creepware apps from its Play Store.

A word of caution

Google has been actively removing malicious apps as soon as they are identified. But until an app is removed, its download count keeps increasing. These apps are incredibly dangerous and pose serious threats, and users should exercise caution when downloading new apps on their smartphones.

Cyware Publisher