It turns out that we can no longer trust official repositories when downloading and installing secure applications. Very recently, the official Google store from which we downloaded millions of applications every day, Google Play Store, it housed an application with a large number of downloads that included a Trojan inside. The application was CamScanner and millions of people had it on their phones because it was, apparently, a completely secure tool for scanning documents with the simple help of the mobile.
Notes and fitness, two fraudulent applications
And today, again, the app store of Google Play Store is again in the focus of everyone's attention for security reasons and it has been discovered that two applications, also with millions of downloads behind them, are giving problems to those who have them installed on their phones. This is a note application called ‘Idea Note: OCR Text Scanner, GTD, Color Notes ’and another one of beauty, health and fitness that has the name of‘ Beauty Fitness: daily workout, best HIIT coach ’. For more than a year, these two applications have been disappointing millions of users before the Symantec security company informed Google and it removed them from the Google Play Store.
Thus ‘they stole’ data from users
The two applications placed ads inside in places that they were not visible for the user who downloaded and installed them, usually at the bottom of the application drawer of infected mobiles. When the user clicked on the notification (it was a normal notification, not a visible ad) the ad was opened but not shown. In this way, the application could report that the user was watching the ads continuously, generating revenue per click, but without him noticing.
They also hid the ads in another way: with a technique called ‘Packers’: by changing the structure and flow of the application installer file (what we know as APK) the scammers could alter behavior of said file. With this obfuscation operation, the scanners of the Google Play Store They were unable to detect any anomalous behavior in hosted applications.
All these “phantom” clicks had a negative impact on mobile performance, causing a brutal battery drain and an excessive increase in mobile data traffic. For a full year, these two applications have gone completely unnoticed by Google’s security engineers, and have affected more than 1.5 million users They downloaded them. This case is particularly complex throughout the system of obfuscation and modification of the packages to which we have mentioned.
The developer of the two applications, Master idea, no longer has any application available in the Play Store and has not even given explanations to the media about these two applications with malware. We recommend if you notice that your mobile is going something weirder than normal, you have had an excessive consumption of data and your uses and customs have not changed and the battery runs out much faster than before, look to see what recent applications you have downloaded and installed.
Other news about … Google, security