Google is well aware of the threat to the Play Store from malicious applications, that is, those containing malware or even a virus. The general definition of “malware” is an application or service doing something that we, the user or customer, did not want or authorise. Many Android devices have a basic defence mechanism turned on by default, which is the option to forbid non-Play Store applications from being installed onto the device. Some manufacturers request that this switch is toggled off so that their own application stores are able to work on their devices, so this is hardly a foolproof way of preventing customers from installing an application from a website. The second part of this malware protection relies on the Google Play Store’s “Bouncer” feature, that is, anti-malware code designed to spot malicious applications as they are entered into the Play Store. Unfortunately, Google’s Bouncer system is not perfect, as ESET researcher Peter Stancik and his team have discovered.
According to a report, the team discovered almost 350 malicious Android applications containing similar malicious code uploaded into the Google Play Store since August 2015, at a rate of around ten a week. Many of these applications are said to be capable of hijacking a device and placing fraudulent clicks on pornography website adverts; the fraudulent click issue is bad for legitimate marketing platforms. The average number of downloads per application is around 3,600, but the data is skewed because a small number of applications have benefited from many downloads.
ESET have said that these applications represent a “true campaign” because the malware belongs to the same family of code. To date, victims’ devices have used more data than would otherwise be expected, but it appears that no data has been stolen. The malware does not appear to attempt to steal passwords and online banking information, as some malicious apps do. Because the malware is currently undetected by the Google Bouncer system, criminals are still able to upload compromised applications into the Play Store. And whilst ESET have criticized Google for not disclosing how their Bouncer system works, it is unclear if they have provided Google with information on the malicious code discovered in these near-350 applications. However, with the compromised applications largely carrying the name of a popular game but being described as free of charge in the title, there are definite warning signs for customers: the message is to check what you are downloading before you install the application, as the malware arms race between malicious developers and Google is not going to end any time soon.