You are currently viewing Android malware disguises itself as a Settings app

Android malware disguises itself as a Settings app

Bitdefender security experts have just detected 35 Android apps on the Play Store containing particularly vicious malware, which hides in the settings to be undetectable. Smart and efficient!

Be careful about the applications you download on your Android smartphone! Even though Google has many tools to remove infected applications from its Play Store, hackers are constantly developing new strategies to circumvent them. Recently, BitDefender’s cybersecurity specialists discovered 35 infected applications in the Google store, which together total some 2 million downloads – and as many potential victims. The purpose of these apps is to flood you with advertisements without your knowledge. Intrusive ads, which abuse WebView – a software component that allows Android apps to display web content. Although advertising may not seem dangerous, it can quickly become very annoying – so try browsing the Internet with an advertising page that opens every 30 seconds… – and can even be directly linked to malware – and therefore lead to more sneaky malware, which can siphon off your personal and banking data. What’s worse is that these rogue apps use a range of clever and sophisticated techniques that make them virtually undetectable.

Almost undetectable malware

As Bitdefender explains, these applications have several malicious methods to hide themselves. Thanks to Google’s legal APIs, these developers have found a way to completely deceive users. Thus, infected applications mask their presence so as not to be uninstalled, most changing their name and logo to pretend to be the most legitimate and innocent applications. For example, the GPS Location Maps application – which has already accumulated more than 100,000 downloads despite the absence of user reviews… – apparently transforms into a Settings application and erases the original. If you open it by naturally pressing its icon, you are directed to the real settings of Android and your mobile. But meanwhile, the infected app is running in the background and displaying websites and advertisements. Some go so far as to request permission to appear on other applications in order to quietly reap profits by simulating clicks.

© Google Play Store

To avoid being spotted, these rogue apps make sure they don’t appear in the list of most recently used apps on Android – which could possibly arouse your suspicion. However, dodging the user’s vigilance is one thing, but overriding the defenses of the Play Store is another. To do this, hackers first put a so-called legitimate version online – therefore without any malware – before injecting malicious code via an update. Additionally, the hackers hide the core Java code in two encrypted DEX files – a format that allows executables to be stored on Android devices. In short, professional work, which manages to thwart the barriers of Google.

35 new infected apps detected on the Play Store

Here is the list of infected applications detected by Bitdefender, some of which are still present on the Play Store.

  • Animated Sticker Master
  • Art Filter – Deep Photoeffect
  • Art Girls Wallpaper HD
  • Big Emoji – Keyboard
  • Cat Simulator
  • Colorize Old Photo
  • Colorize Photos
  • Create Sticker for Whatsapp
  • EffectMania – Photo Editor
  • Engine Wallpapers – Live & 3D
  • Fast Emoji Keyboard
  • Girls Art Wallpaper
  • GPS Location Finder
  • GPS Location Maps
  • Grad Wallpapers – 3D Backgrounds
  • Image Warp Camera
  • Keyboard – Fun Emoji, Stickers
  • Led Theme – Colorful Keyboard
  • Math Solver – Camera Helper
  • Media Volume Slider
  • My GPS Location
  • Personal Charging Show
  • Phi 4K Wallpaper – Anime HD
  • Photopix Effects – Art Filter
  • QR Creator
  • secret astrology
  • secret horoscope
  • Sleep Sounds
  • Smart GPS Rental
  • Smart QR Creator
  • Smart QR Scanner
  • smart wi-fi
  • Stock Wallpapers – 4K & HD
  • Volume Control
  • Walls light – Wallpaper Pack
One of the corrupt apps © Google Play Store

Poisoned apps: signs that should alert

Bitdefender specialists have noticed that all malicious app developers usually only have one app offered on the store. Moreover, the email addresses and websites associated with the developers look alike, leading them to believe that all these apps are the work of a single group or even one developer. Another alarm signal: the absence of user reviews despite a large number of downloads – at the same time, how to rate an application that does not appear on your smartphone? That’s why you have to keep in mind that just because you download an app from the official Google store, it doesn’t mean it’s safe.

A few precautions should therefore be taken. Don’t install apps you don’t really need and don’t forget to delete the ones you no longer use. If an app asks for special permissions that it theoretically doesn’t need—a sticker app doesn’t need your geolocation—beware immediately. Finally, it is better to have an antivirus in the background to check a second time that malicious behavior is not at work in the shadows…