Recent research by two companies reported a couple of malware apps in the Google Play Store. Earlier, there were a couple of them reported, and now these two add more to a growing list.
The apps – Bankbot and Bubble Shooter Wild Life – take advantage of the Android Accessibility Service feature.
The team at SfyLabs found a suspicious looking Bankbot APK, and on further investigating it, it was revealed that app in the Google Play Store triggered the second APK for malware function. It also looks like the person behind this app is an avid game developer.
The app looks pretty straightforward, and only when diagnosed deeper did it turn out to be suspicious. To perform the action, the app obtains access and, once the access is enabled, it displays a screen saying that it is performing a Google update. This is just to keep the user informed that action is happening in the background and not to interrupt.
The second app, Bubble Shooter Wild Life, takes advantage of the Android Accessibility Service feature as well. After analysis, the team confirmed the app to be malicious and capable of abusing Android’s Accessibility permission to install additional apps without user’s permission.
SfyLabs and Zscaler reported that they found the apps on Google Play Store and that they are called Earn Real Money Gift Cards and Bubble Shooter Wild Life. Both apps are created by the same author, and the apps are protected using Allatori Obfuscator. Recent malware families have started using obfuscators, packers, and protectors to hide from analysis by security researchers and malware detection systems. Both companies said they have reported about the app functions to Google.
Javvad Malik, security advocate at AlienVault, told SC media UK that a lot of these attacks are using newer obfuscation techniques to bypass Google’s security checks.
The companies, during the research, noted that the apps are not fully functional as they failed to work at different points, indicating that the malware sites could be under development. The investigation reported that the malware app appears to be a normal and fun game to the average user, but it can spread rapidly through a simple campaign on social media.
With news on malware apps appearing more frequently in the Google Play store, it alerts Google to raise the security bar to ensure that the Play Store remains, by and large, a trusted repository.