An app in the official Google Play store with the fun name of Super Free Music Player is striking a malware-laden note for those unwittingly downloading it—and so far, between 5,000 and 10,000 people have done just that.
Perhaps better entitled Super Free Malware, the application was uploaded to Google Play on March 31. The malware is able to download additional payloads from remote websites and upload device information, including installed applications and the country, language, manufacture, model, SDK version, and so on, according to SophosLabs.
Researcher Rowland Yu said that the app marks the return of sophisticated techniques formerly found in BrainTest malware to bypass detection by Google and security researchers. Check Point discovered BrainTest on a Nexus 5 smartphone in 2015, which used multiple techniques to avoid Google Play malware detection and to maintain persistency on infected devices. Google Play removed it, but attackers have now simply repurposed it, according to Yu.
The discovery is part of a continued onslaught of malicious Android apps inside the official Google Play store. For instance, the FalseGuide malware was recently found infesting more than 40 apps in the Google Play store, which were uploaded to the app store as early as November 2016. They hid successfully for five months, accumulating an alarming 2 million infected users.
Just last month, an Android trojan known as BankBot was found targeting hundreds of apps on Google Play in a wide-net effort to steal mobile users' online banking credentials. BankBot first surfaced earlier this year after its source code was leaked in December. It infiltrates benign programs, hitching a ride to installation on users’ phones.
In March, 87 fake “mods” for Minecraft, the wildly popular pixelated sandbox game for kids, turned up in Google Play. Android gamers that fell for them found themselves bombarded with aggressive ads and scam activity, according to ESET, which added than nearly 1 million users have installed them.
Eliminating trojanized apps has become a bit of a whack-a-mole exercise for Google. In the FalseGuide case, Check Point notified Google about the first wave of the malware, and it was swiftly removed from the app store. But then at the beginning of April, two new malicious apps were uploaded to Google Play containing FalseGuide, and Check Point notified Google once again.