
ESET warns of fake apps bypassing Google Play security

09 Oct 2015

Android users downloading cheat apps for popular games Pou and Subway Surfers have been getting more than they planned for, with security vendor ESET revealing that fake cheat apps have bypassed Google Play security and been installed more than 200,000 times in a month.

ESET says the fake apps pose as popular game cheats, such as Cheats for Pou, Guide for SubWay and Cheats for SubWay. The apps ‘aggressively’ display adverts every 30-40 minutes, disrupting normal use of the Android devices.

The apps, detected as Android/AdDisplay.Cheastom by ESET, deploy a number of techniques to evade detection by Google’s Bouncer technology, which is supposed to prevent malicious apps from entering the Google Play store.

The security vendor says the apps also contain self-preservation code to make their removal more complicated.

Lukas Stefanko, ESET malware researcher, says the ad-displaying apps attempt to hide their functionality from security researchers, and that the techniques succeeded: the apps were downloaded more than 200,000 times in a single month.

“The anti-Bouncer technique used by these apps obtains the IP address of a device and accesses its WHOIS record,” Stefanko says.

“If the information returned contains the string ‘Google’ then the app assumes it is running in Bouncer. Should the app detect an emulator or Google Bouncer environment, the ads are not displayed. Instead, the app will simply provide game cheats, as expected.”

When users realise the apps are exhibiting 'very unusual behaviour' and try to uninstall them, they find it 'far from easy', ESET says. The apps will ask users to activate the device's administrator rights, making it difficult to remove the AdDisplay threat.

ESET software will remove the threat; otherwise, removal needs to be done manually.

ESET says after deactivating device administrator, applications can be uninstalled by going to Settings, selecting Apps/Application manager and then selecting the offending app.

After ESET notified Google of the apps, they were removed from the Google Play store.

Stefanko says while it’s good Google has removed the apps, ‘it is clear that more attempts will be made to bypass Bouncer and spread apps containing undesirable code’.
