Google Play Store Hit with Multi-Stage Android Malware Spread Through Legitimate-Looking App

With the release of the iPhone X earlier this month techies, Apple fans, and those seeking one of the most expensive smartphones were enamored with gleaming eyes waiting to get their hands on the new device. While Apple aficionados stood by to get a new iPhone X, on the other side of the isle Android loyalists remained satisfied with their vast selection of smartphones. Unfortunately, on the other side of the isle Android users face a growing presence of malware where newer threats have evolved into multi-state malware found throughout the Google Play Store.

Mobile malware has been around for many years and continues to be an ever-evolving threat mostly targeting the Android operating system due to its openness, something many of its users enjoys. While the openness of Android afforded many creative apps to be created and passed through the Google Play Store, an onslaught of malware continues to plaque the store now with multi-stage Android malware that attempts to trick people into believing that they downloaded legitimate apps.

While the notion of multi-state malware lurking on the Google Play Store is enough to alarm countless Android users, rest assured that Google has already addressed the issue and removed the malicious apps from the store. However, in the breakout of malicious multi-stage Android malware, ESET security has claimed that several hundred to thousands of users may have encountered the malware while it was loose on the Google Play Store.

The stats obtained by ESET claims that one of the links that direct users to the malware have been hit almost 3,000 times as of November 14, 2017. Most of the hits came from the Netherlands, and many Android users encountered an attack that downloaded its final payload through a bit.ly URL shorter, which is a common technique used in the past to trick users into landing on malicious sites that propagate malware.

Security experts have dubbed the Android malware as Android/TrojanDropper.Agent.BKY, which is a threat known to download the MazarBot or a dangerous banking trojan designed to steal login credentials stored on an infected device.

The multi-stage aspects of the Android malware draw additional concerns that the malware may make its way onto additional apps that mask themselves as legitimate. The technique of having malicious apps pretend to be legitimate is yet another technique aggressive hackers have used to spread such threats. Drawing the obvious comparison with the Apple store for iPhone users and the Google Play Store, the Apple store goes through more stringent processes to approve apps and ensure they are not malicious. While such a process hasn't always been full proof, the Google Play Store's app approval processes are not as strict, and at times malicious apps may slip through the cracks just as the recent multi-stage Android malware did.

Fortunately, Android users who stay within the boundaries of obtaining apps from the Google Play Store instead of 3rd party sources have a significantly reduced risk of infecting their device with malware. Though, as we have reported today, malicious apps do make their way into the Google Play Store and it is up to each Android user to be vigilant and aware of new threats, in addition to keeping a backup of their Android device handy.