Google Removes 2 Apps From Play Store That Carried Trojan Attack

Google removed two apps from its Google Play Store that contained trojans that attempted to gain root access to infected devices.

Google has removed two Android apps from the Google Play Store containing malicious code that could have allowed an attacker to gain root access to infected devices.

The two apps, Magic Browser and Noise Detector, both managed to evade detection from Google’s own malware scanner and were downloaded onto thousands of devices before being flagged by security researchers at Kaspersky Lab.

Read: FalseGuide Android Malware: More Than 600,000 Phones Turned Into Money-Generating Botnet

Magic Browser was the more successful of the two apps, achieving more than 50,000 installations and more than 180 mostly positive reviews since first appearing in the Google Play Store on May 15. The app looked like and operated similarly to Google’s own Chrome browser.

The other app, Noise Detector, supposedly could measure noise and determine its decibel level. It appeared in the Google Play Store on May 20 and was downloaded more than 10,000 times before being removed by Google.

Both apps, Kaspersky Lab researcher Roman Unuchek said, were vehicles for the Ztorg Trojan, a piece of malicious software that has become a more prominent threat to Android devices in recent months.

In a typical Ztorg Trojan attack, the virus will collect information about the user of an infected device and send it to the command and control server operated by the attacker. Once the command is given the trojan starts to hijack the victim’s SMS messages, deleting incoming texts before they are read and sending out texts that attempt to infect other users.

Read: Android Malware: Apps In Google Play Store Spread 'Judy' Adware Attack To Nearly 40 Million Phones

Kaspersky Lab said the Magic Browser app contained 11 instances of code designed to send text messages. The app would hide the activity by opening links to advertising websites that would provide cover.

The apps were updated with interchanging code, sometimes malicious and sometimes innocuous, to disguise its true activity. While it is believed the original intent of the attacker was eventually to gain root access to the infected devices — essentially providing complete and unchecked control over the phone or tablet — it did not appear the attack had gotten that far.

The removal of Magic Browser and Noise Detector mark the second time this month Google has had to kick apps out of the Google Play Store for containing a trojan.

Earlier this month, Google removed a puzzle game that contained the rooting trojan Dvmap. If downloaded onto a device, the trojan was capable of infecting a victim’s device and gaining full access to the device. That attempted attack utilized the same “on and off” method of switching between clean and malicious code to keep the app in Google’s official marketplace.

Unfortunately for Google — and for Android users — malware in the Google Play Store has become a growing concern. This year, more than 600,000 devices were infected by apps posing as game guides in an attack that created a money-generating botnet from compromised Android devices.

Another attack known as Judy managed to infect as many as 40 million devices through more than 40 compromised apps that were found in the Google Play Store.

Related Articles