Malicious Apps Back On Google Play With Google Icons


Security firm Symantec has reportedly found a number of malicious apps that were previously kicked out of the Google Play Store, now back with new developer names, new app names, and new icons that ape Google's own app selection. The apps in question are duplicates of malicious apps that previously slipped past Google's protections, right down to the last line of malicious code. These new apps are the return of a malware class known as Android.Reputation.1, which first appeared all the way back in 2014.

For those who never read about the previous infestation, this particular malware appears in apps that don't actually do what they're advertised to do. Instead, after a few hours, they hide themselves and begin their malicious behaviors. It all starts with the apps asking for device administrator privileges, as many malware tend to do. If those permissions are granted, the app can not only hide, but perform a number of actions on the device and keep the user from uninstalling it. From there, the app will redirect users to scam web pages at random, and will pull ads from Google to make the malware creators some profit. The apps all connect to a command server, which means that they can use their administrative privileges to do just about anything, though it's worth noting that none of the variants Symantec has found have actually received further instruction from the server as of this writing.

While identity theft and selling user data can be extremely lucrative, it seems like all this malware is set to do is serve ads and other unwanted content to make the malware's creators a quick buck. This behavior is annoying, to be sure, but not entirely dangerous in and of itself. Users are still cautioned to be very careful of what they download, and to stick to the Play Store when possible, even if its protections aren't infallible. Just about any mobile antivirus program that gets administrative privileges on your device, such as Lookout or Symantec's own solutions should be able to remove any malware in the Android.Reputation.1 family, seeing as the codebase has not changed since 2014.


Share this page

Copyright ©2018 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments