Yet another shocking case of malicious apps harming smartphones has come to light. Search engine giant Google has removed as many as 29 Android apps found to be filled with adware from the Google Play Store. These apps had over 3.5 million downloads on the Play Store. White Ops’ Satori threat intelligence team discovered the malicious apps as part of its “CHARTREUSEBLUR” investigation. Most of them were photo editing apps with a blur feature, which is how the investigation got ‘blur’ in its name.
The researchers named their investigation “ChartreuseBlur” because a majority of the malicious apps detected were photo editing apps that reportedly offered users a free blur feature. The malicious apps are known to obfuscate their code and to escape security detection by making their icons disappear from the phone shortly after download.
The apps have a three-stage payload evolution. In the first two stages the app appears normal; it reveals its malicious activity only in the third and final stage. Once the app is downloaded, it begins attacking the device with unwanted ads.
The researchers stated that they analyzed one of the Android apps, called Square Photo Blur, and found that its features were like those of all the other apps. The Satori team published a list of the malicious applications and recommended that anyone using them remove them immediately.
Here is the list of the malicious applications:
- Auto Picture Cut – com.auto.picture.cut.background.eraser.tool
- Color Call Flash – com.color.call.flash.tools
- Square Photo Blur – com.jack.square.photo.blur.image, com.joan.super.photo.blur.tool
- Square Blur Photo – com.jobfun.square.photo.blur.image, com.jones.square.photo.blur.image
- Magic Call Flash – com.magic.call.flash.tools, com.mandi.super.photo.blur.tool
- Easy Blur – com.mary.super.photo.blur.tool
- Image Blur – com.mclain.photo.blur.editor.background, com.michael.super.photo.blur.tool
- Auto Photo Blur – com.paige.photo.blur.background
- Photo Blur – com.scorp.photo.blur.background
- Photo Blur Master – com.scott.scorp.photo.blur.background, com.smart.call.screen.tools
- Super Call Screen – com.super.call.screen.tools, test.com.flash.call.flashcall.cool
- Square Blur Master – com.robert.square.photo.blur.image
- Square Blur – com.craig.square.photo.blur.image
- Smart Blur Photo – com.james.smart.blur.photo.editor.tool
- Smart Photo Blur – com.james.smart.photo.blur.editor.tool
- Super Call Flash – com.super.call.screen.toolz
- Smart Call Flash – com.smart.call.flash.tools
- Blur Photo Editor – com.sixgod.photo.editor.blur.image.tool
- Blur Image – com.fancy.photo.editor.blur.image.tool, com.aab.photo.blur.editor.background, com.angel.photo.blur.background, com.auto.image.editor.background.eraser.tool, com.auto.photo.editor.background.eraser.tool
HOW TO IDENTIFY MALICIOUS APPS
Researchers stated that users should reverse engineer every mobile app before downloading. Here are a few questions a user can ask to help identify malicious apps:
- Do the reviews talk about ads popping up all the time?
- Do the reviews talk about the app disappearing or users being unable to uninstall it?
- Do the reviews have a lot of complaints that the app does not work as advertised?
- Are there a lot of 5-star reviews, but the recent reviews are mostly 1-star?
- Does the app publisher have a lot of downloads in a very short amount of time?
If the answer is yes to any of the above questions, then it might be a bogus or malicious app.
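The checklist above can be turned into a small triage routine for vetting apps before they go on a managed-device allowlist. This is an added example, not White Ops' code: the keyword patterns, the thresholds (`min_share`, `recent_days`, `installs_per_day`) and the sample reviews are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Review:
    day: date
    stars: int
    text: str

# Keyword patterns are assumptions for this example, one per review question.
SIGNALS = {
    "ads_popping_up": re.compile(r"\b(ads?|adverts?|pop-?ups?)\b", re.I),
    "disappears_or_cannot_uninstall": re.compile(
        r"\b(disappear\w*|vanish\w*|can'?t (uninstall|remove|find))\b", re.I),
    "not_as_advertised": re.compile(
        r"\b(does ?n[o']t work|not working|fake|useless)\b", re.I),
}

def triage(reviews, installs, days_listed, today, recent_days=30,
           min_share=0.2, installs_per_day=10_000):
    """Return the checklist questions answered 'yes' (thresholds are assumed)."""
    flags = []
    for name, pattern in SIGNALS.items():
        hits = sum(1 for r in reviews if pattern.search(r.text))
        if reviews and hits / len(reviews) >= min_share:
            flags.append(name)
    # Many 5-star reviews early on, but mostly 1-star in the recent window.
    cutoff = today - timedelta(days=recent_days)
    old = [r.stars for r in reviews if r.day < cutoff]
    new = [r.stars for r in reviews if r.day >= cutoff]
    if old and new:
        if old.count(5) / len(old) > 0.5 and new.count(1) / len(new) > 0.5:
            flags.append("five_star_then_one_star")
    # A lot of downloads in a very short amount of time.
    if days_listed > 0 and installs / days_listed >= installs_per_day:
        flags.append("fast_download_growth")
    return flags

# Constructed sample data, not real reviews of any listed app.
TODAY = date(2020, 8, 1)
SAMPLE = [
    Review(date(2020, 5, 2), 5, "Great app"),
    Review(date(2020, 5, 3), 5, "Nice blur effect"),
    Review(date(2020, 7, 20), 1, "Ads popping up all the time, even on the home screen"),
    Review(date(2020, 7, 22), 1, "Icon disappeared and I can't uninstall it"),
    Review(date(2020, 7, 25), 1, "Full screen ads every minute, then the app vanished"),
    Review(date(2020, 7, 28), 2, "Blur does not work at all"),
]
```

Any non-empty result means at least one question was answered yes, which per the checklist is enough to treat the app as suspect and review it by hand.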
CYBERTHREATS ASSOCIATED WITH MALICIOUS ANDROID APPS
Researchers from cybersecurity firm Trend Micro revealed that they had discovered three malicious apps on the Google Play Store designed to compromise victims’ devices and steal information. The three malicious apps, Camero, FileCryptManager, and CallCam, were disguised as photography and file manager tools. The Camero app was also observed exploiting CVE-2019-2215, a use-after-free vulnerability in Binder, an inter-process communication system in Android. By exploiting CVE-2019-2215, attackers can inject malicious code and steal information from a device without the user’s knowledge.
Google has now removed all of these Android apps from the Google Play Store, but if you still have any of them on your phone, you should uninstall them right away. The White Ops Satori team says there could be more apps like these and advises looking out for hints such as reviews mentioning ads popping up all the time, apps disappearing after download, a lot of 5-star reviews with recent ones mostly 1-star, an app that doesn’t work as advertised, or an app that received a lot of downloads in a very short time. A few of these points can act as indicators that the app is probably malicious.