Android Apps Out of Google Play

Tuesday, June 28, 2016 @ 06:06 PM gHale


Google pulled six Android applications from the Play Store that appeared to behave in a malicious manner, researchers said.

The apps suffered from an infection from the Android.Valeriy Trojan, said researchers at Russian security vendor Dr.Web.

RELATED STORIES
Android Malware Sneaks in, Takes Over Phone
Ransomware Hits Android Devices, TVs
Google Patches Android, Qualcomm Holes
Androids Suffer from Mediaserver Attack

The apps were Battery Booster, Power Booster, Blue Color Puzzle, Blue And White, Battery Checker, and Hard Jump – Reborn 3D. The developers of these apps are ZvonkoMedia LLC, Danil Prokhorov, and horshaom.

Before being taken offline, Dr.Web said the apps ended up downloaded by over 15,500 Android users. The security firm said it managed to break into the Trojan’s C&C server and discovered over 55,000 users ended up infected with the Android.Valeriy malware.

After a victim installs one of the apps, the Trojan comes to life and Android.Valeriy connects to a C&C server from where it gets a list of URLs and then opens these links in the WebView (browser) component.

This is specific adware behavior and is enough to get the apps banned from the Play Store.

Android.Valeriy will also subscribe the user to premium phone numbers. In addition, the Trojan includes functionality to intercept the confirmation SMS messages and hide them from the human user.

Dr.Web researchers also report a click-fraud behavior, since the Trojan also opens URLs in another WebView component and taps on ads or presses download buttons.