Beware! More malicious Android games found in the Google Play store

According to Lookout, the apps appear to have been written by the same developers responsible for the Brain Test family of malware, which made headlines after being discovered in the Google Play store last September.
Of course, the spectre remains that there are likely to be further malicious apps, perhaps created by different developers, still lurking undetected within the official Google Play store.

About the author, Graham Cluley: Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online privacy. Follow him on Twitter at @gcluley, Google Plus, Facebook, or drop him an email.

Some of the apps had received as many as one million downloads, according to a blog post by security firm Lookout.
You can find out more about the malicious Brain Test app, and view some tips about how to better protect your Android device from similar attacks, in the video I made last year about the incident, and subscribe to my YouTube channel if you wish.

While the malware's primary motive is likely selling guaranteed application-installs, its flexible design could allow the developers to utilize infected devices for more nefarious purposes if they desired.

Here we go again... Once again Google has found itself having to remove Android gaming apps from the official Google Play store after security researchers discovered that they were secretly making unauthorised downloads and attempting to gain root privileges.
It appears the primary goal of the malware is to download and install additional APKs as directed by the command-and-control server. The developers also used infected devices to download other malicious applications they had submitted to the Play Store, which would inflate the number of downloads each application received.

Lookout identified a total of 13 malicious apps in the Google Play store: Cake Blast, Jump Planet, Honey Comb, Crazy Block, Crazy Jelly, Tiny Puzzle, Ninja Hook, Piggy Jump, Just Fire, Eat Bubble, Hit Planet, Cake Tower, and Drag Box.

According to the researchers, compromised devices could be subverted into downloading further malicious apps from the Google Play store, inflating download stats, and posting bogus positive reviews. High download figures and many positive reviews don't just encourage other Android users to download apps, but might also trick them into believing that the apps can be trusted.

As I said at the time, there has been a long history of Android malware. Much of it has appeared on unofficial third-party sites, but with disturbing regularity malware has also sneaked its way into the official Google Play app store, lending trojans and adware the undeserved halo of legitimacy.