Android App Stores Drenched with Malware

Written by

Android app stores, especially third-party ones, are swimming in malware.

With the increase of the amount of mobile apps over the last few years, smartphone users have also seen a significant rise in malware, especially Android users. In 2015 alone, the amount of Android malware infections totaled more than 9.5 million, according to the Cheetah Mobile Security Research Lab.

All third-party app stores tested were found to be contaminated by potentially malicious applications to a certain degree. In some app stores, malware has been downloaded tens of thousands of times.

For instance, on Mobogenie, the app called Assistive Touch has been infected with the un-removable trojan known as Ghost Push. The app has been downloaded about 140,000 times.

On another app store, Vshare, CMS Lab also found malicious apps like WiFi Analyzer, Swift WiFi, Light Browser, and more.

“The app Light Browser in the vShare store shows the APK size is about 370 KB. However, when it begins downloading, the actual size becomes 5.2 MB, meaning users are downloading assets beyond just the browser app,” Cheetah Mobile explained in the report.

“Third-party app stores bring great convenience to users, especially in countries where official ones are not available,” the report explained. “However, due to weak security monitoring, many third-party app stores have been contaminated by malicious applications, usually pretending to be legitimate apps from top companies, posing a great threat to innocent users.”

Google Play on the other hand, is a much safer environment. The official Google outlet has had its share of malware infections—the Android game Brain Test was infected with the nasty Trojan Ghost Push and published to Google Play twice, affecting millions of users. But compared with third-party app stores, the percentage of high-risk malware is much lower on Google Play, as is to be expected.

The CMS Lab took 904,464 samples among its 1.6 million applications from Google Play, and just 48 potentially malicious applications was found. Among the malware, adware accounts for 39%, and high-risk malware for 0.08%.

There are a number of ways that Android users can stay safe, Cheetah Mobile noted. First of all, they can regularly scan their devices with security applications. Also, they should only download apps from reputable app stores like Google Play. It’s also important to read the reviews carefully before downloading any applications, especially of those which are poorly rated. Many people will warn others against malware in the reviews.

Users should also be on alert for anything strange their phone might be doing, even if it is just consuming excess battery power; and, they should pay attention to the permissions applied by an app to determine whether it’s asking for too much (e.g. requesting for your contacts or messages).

Photo © iQoncept

What’s hot on Infosecurity Magazine?