Real or Not? Google Pulls Security Apps

Friday, January 5, 2018 @ 01:01 PM gHale

Google yanked faux security apps from Google Play, after Trend Micro researchers discovered them.

The apps looked like legitimate security solutions, occasionally misusing the names of AV vendors, and seemed to be doing the job.


They showed security notifications and other messages, warned users about malicious apps, and seemingly provided ways to fix security issues and vulnerabilities.

It was all a ruse. The apps used simple animations to trick users into believing the discovered issues were resolved.

The apps’ real goal was to hit users with ads and entice them to click on them, while covertly collecting information about the user, the device, the OS and the installed apps, tracking the user’s location, and uploading all of this information to a remote server.

Once installed on a target device, these fake apps, of which there were 36, could keep themselves off the device launcher’s list of applications and avoid showing an icon on the device’s screen.

“The excluded devices are: Google Nexus 6P, Xiaomi MI 4LTE, ZTE N958St and LGE LG-H525n. It is possible the malware developers knew that this tactic would not work on these devices, or they wanted to avoid being checked by Google Play during inspection periods,” Trend Micro researchers said in a post.

Users who downloaded and installed one of these apps were asked to agree to a EULA (end-user license agreement) that describes the information that will be gathered and used by the app.

The researchers released a list of app names, package names and SHA256 hashes of these fake security apps, so users can check whether they have installed one or more of them.

The list includes hashes for different versions of the same apps, most of which were found on Google Play. Trend Micro detects all of them, as the malicious apps, with small changes in their code, may also be distributed by third-party app stores or forums.
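
One way to run that check, as an added example that is not from Trend Micro or the original article: because the apps hide from the launcher, it works from the output of `adb shell pm list packages -f` and matches on both package name and APK hash, since a modified build changes the hash and a repackaged copy can change the name. The package names, hash, sample output and APK bytes are constructed placeholders; the real values are in Trend Micro's list.

```python
import hashlib

# Placeholders (constructed): the real package names and SHA256 hashes are in
# Trend Micro's published list, which this page does not reproduce.
IOC_PACKAGES = {"com.example.fakesecurity.placeholder"}
IOC_SHA256 = {hashlib.sha256(b"constructed listed apk").hexdigest()}

# Constructed sample of `adb shell pm list packages -f` output.
SAMPLE_PM_OUTPUT = """\
package:/data/app/com.example.notes-1/base.apk=com.example.notes
package:/data/app/~~Zm9v==/com.example.fakesecurity.placeholder-YmFy==/base.apk=com.example.fakesecurity.placeholder
package:/system/app/Calc/Calc.apk=com.example.calc
"""

# Constructed stand-ins for APK files copied off the device with `adb pull`.
SAMPLE_APKS = {
    "com.example.notes": b"constructed listed apk",  # listed build, new name
    "com.example.fakesecurity.placeholder": b"modified build",  # name only
}

def parse_pm_list(output):
    """Map package name -> APK path from `pm list packages -f` lines."""
    installed = {}
    for line in map(str.strip, output.splitlines()):
        if not line.startswith("package:"):
            continue
        # Paths can contain '=', package names cannot: split on the last '='.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            installed[name] = path
    return installed

def find_matches(installed, apks):
    """Return (package, path, reasons) for each package matching the list."""
    hits = []
    for name in sorted(installed):
        reasons = []
        if name in IOC_PACKAGES:
            reasons.append("package-name")
        data = apks.get(name)  # None when the APK was not pulled
        if data is not None and hashlib.sha256(data).hexdigest() in IOC_SHA256:
            reasons.append("sha256")
        if reasons:
            hits.append((name, installed[name], reasons))
    return hits

if __name__ == "__main__":
    for hit in find_matches(parse_pm_list(SAMPLE_PM_OUTPUT), SAMPLE_APKS):
        print(hit)
```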
