ESET warns of fake apps bypassing Google Play security

09 Oct 15

Android users downloading cheat apps for popular games Pou and Subway Surfers have been getting more than they planned for, with security vendor ESET revealing that fake cheat apps have bypassed Google Play security and been installed more than 200,000 times in a month.

ESET says the fake apps pose as popular game cheats, such as Cheats for Pou, Guide for SubWay and Cheats for SubWay. The apps ‘aggressively’ display adverts every 30-40 minutes, disrupting normal use of the Android devices.

The apps, detected as Android/AdDisplay.Cheastom by ESET, deploy a number of techniques to evade detection by Google’s Bouncer technology, which is supposed to prevent malicious apps from entering the Google Play store.

The security vendor says the apps also contain self-preservation code to make their removal more complicated.

Lukas Stefanko, ESET malware researcher, says the ad-displaying apps attempt to hide their functionality from security researchers, and that the techniques they deployed succeeded, with the apps being downloaded more than 200,000 times in a single month.

“The anti-Bouncer technique used by these apps obtains the IP address of a device and accesses its WHOIS record,” Stefanko says.

“If the information returned contains the string ‘Google’ then the app assumes it is running in Bouncer. Should the app detect an emulator or Google Bouncer environment, the ads are not displayed. Instead, the app will simply provide game cheats, as expected.”

When users realise the apps are exhibiting 'very unusual behaviour' and try to uninstall them, they find it 'far from easy', ESET says. The apps will ask users to activate the device's administrator rights, making it difficult to remove the AdDisplay threat.

ESET software will remove the threat; otherwise, it needs to be removed manually.

ESET says after deactivating device administrator, applications can be uninstalled by going to Settings, selecting Apps/Application manager and then selecting the offending app.

After ESET notified Google of the apps, they were removed from the Google Play store.

Stefanko says while it’s good Google has removed the apps ‘it is clear that more attempts will be made to bypass Bouncer and spread apps containing undesirable code’.
