ElevenPaths along with Kaspersky uncover several malicious apps on Google Play

Florence Broderick    27 February, 2017
ElevenPaths, along with Kasperksy Lab and its team GReAT (Global Research and Analysis Team), published recently an investigation revealing how malicious apps are opperating in Google PLay, by subscribing users under special tariff numbers. They analysed which type of app is mostly used to get potential victims’ attention, which tactics were used to disseminate the app, the infrastructure code and the management panels used in the campaigns

Some years ago, it was very easy to upload a “dialer” (or some type of malicious app) on Google Play, but now it’s getting harder and harder as the detection mechanisms have improved considerably. This fact pushed many groups to focus in other deposits of non official applications, although this doesn’t mean that the official deposits are protected from this threat. Not long ago, a Spanish group managed to upload a non official app from the famous TV Show in Spain “Gran Hermano”.

Its accomplishment to be in Google Play is based in an old trick. First of all, the uploaded a clear version that was approved by the security control in Google Play. Some days after, they updated the app adding new functionalities, including the subscription for paid services. This trick was extremely simple but the results ended up being very effective, as the app was available for downloads for around two months , (from mid September until mid November 2015).

This app used interesting and modern techniques, to manage fraudulent subscriptions and monetise the infection of victims. This group of “programmers” also tried something similar by using another dissemination sources besides Google Play. One of the services used in this application exposed a control panel with informations from “users”. In September 2016, they pushed it again in Google Play, still using the TV show theme.

This group really succeeded by uploading apps in Google Play, using an attractive theme as the Spanish TV show “Gran Hermano”. Spain and Poland are two countries traditionally picked as a targets for such type of applications. However, we haven’t seen in the latest years no group that could upload an app in official deposits in a relatively simply way. This types of apps, where functionalities are close to this thin line between what is a legit and what would be a fraudulent activity, they really test these automatic detection systems. This enables such apps to become available on Google Play, even if they are removed within some time.

Check all details in these posts, in English and Spanish:

* https://securelist.lat/blog/moviles/84533/expensive-free-apps/
* https://securelist.com/blog/mobile/77083/expensive-free-apps/

Leave a Reply

Your email address will not be published. Required fields are marked *