A security researcher used Twitter to warn users about malware embedded in fake apps available on Google Play. Lukas Stefanko, malware researcher at ESET, reported the malicious apps to the Google security team, noting that 13 apps have been installed more than 560,000 times.
While the app downloads, an additional Android Package Kit (APK) called Game Center downloads in the background, which then requests that the user install it. According to Stefanko, once the APK is installed, it hides itself and displays ads when the device is unlocked.
Malicious actors are able to deliver malware to a victim's phone through application repackaging, often combining it with screen overlay attacks to fool users into installing malware payloads because they think the requests are legitimately connected to the app they are downloading.
Attackers hijacking applications is nothing new, according to Will LaSala, director of security solutions, security evangelist at OneSpan. “Application repackaging has been on the rise for a while now. Earlier this year it was reported that applications were being hijacked to install cryptocurrency miners.”
After governments addressed the process of the cryptocurrency conversion, it became more difficult for people to cash out anonymously, LaSala said.
“However, these repackage attacks did not stop; instead they got more sophisticated and refocused on other valuable data that can be converted to money just as quickly. New repackaging attacks make common or simple apps into nefarious payload delivery applications.
“These malware apps focus on harvesting credentials and injecting libraries that can cause applications to deliver sensitive information directly into the hands of the hacker. If your application becomes the target of one of these repackaging attacks, it will affect your brand’s reputation and may cause users to turn to competitors. Besides root and jailbreak detection, applications on iOS and Android should protect themselves with application shielding technology that detects and actively prevents repackaging,” LaSala said.