Kaspersky: Dangerous Trojan being distributed through app via malicious advertisement program
Kaspersky experts warn about a malicious version of a popular app for the creation of PDF images, which was distributed through the Google Play, the official store for Android based applications. The app contained mechanisms for downloading malware to the users’ devices. As a result, victims could find themselves subscribed to paid services which they did not request. According to the platform’s statistics, the app has been installed more than 100 million times. Google Play Store has immediately withdrawn the app following Kaspersky’s notification of the malicious content.
While researching the compromised app, Kaspersky researchers discovered a malicious ‘dropper’ – a shell that brings a malware – that was there to introduce a malicious downloader on the user’s device. This downloader, was then used to download malicious files onto the user’s smartphone. The functionality of these malicious files varied depending on the intentions of the malware developers, but the samples analyzed by Kaspersky researchers displayed intrusive ads and signed the user up for paid subscriptions.
Shortly after removal from Google Play, the developer of the app published a statement (https://twitter.com/CamScanner/status/1166733219841986561) stating that the incident happened due to third-party advertisement provider.
“It’s not often that we see an app with a loyal user base and such a large number of installations is distributing malicious components. Given the positive reviews on the Google Play app page and the fact that security researchers did not previously detect malicious activity, it looks like the malicious modules were added into the app with one of its updates. In a nutshell, this is yet another example of the fact that it is important for consumers to reliably protect your devices even if you use only official sources to download software”, said Igor Golovin, a security researcher at Kaspersky.
To stay safe, Kaspersky recommends:
Remembering that even the apps from official stores with a loyal user base can be modified and include malicious elements
Installing system and application updates as soon as they are available – they patch vulnerabilities and keep devices protected
Using use a reliable security solution for Android and scanning your smartphone from time to time, to make sure it stays protected
Read the full report on Securelist.com