Google Play Store administrators have removed more than ten malicious applications from the store after discovering that they were designed to display intrusive online ads while mimicking the behavior of legitimate software. The operators disguised these applications as online games, photo editors, a QR code scanner and a compass. Four of these adware apps had already reached between 10,000 and 50,000 downloads.
According to Zscaler researchers, the cybercriminals tried to push users into granting administration rights to these applications. Administration rights were needed to allow the apps to display full-screen ads, open third-party links in the browser, automatically launch YouTube videos, and add short URLs to the home screen.
Analysis of the applications showed that most of them were built on code stolen from legitimate programs. For example, one application, with the package name com.ndk.taskkiller, was actually a pirated version of the legitimate program “Battery Saver HD and Task Killer”. The added adware code allowed the app to receive requests from a malicious C&C server.
To bypass the Google Play Store’s inspection and audit measures, the attackers added a malicious package into a genuine Google Mobile Services (GMS) package. According to the researchers, all lines of the malicious code were obfuscated using a simple method of encryption.