SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Malware
#
CIOs
ESET warns of fake apps bypassing Google Play security
Fri, 9th Oct 2015
FYI, this story is more than a year old
Author image
By Heather Wright, Contributor
Follow us

Android users downloading cheat apps for popular games Pou and Subway Surfers have been getting more than they planned for, with security vendor ESET revealing that fake cheat apps have bypassed Google Play security and been installed more than 200,000 times in a month.

ESET says the fake apps pose as popular game cheats, such as Cheats for Pou, Guide for SubWay and Cheats for SubWay. The app ‘aggressively' displays adverts every 30-40 minutes, disrupting normal use of the Android devices.

The apps, detected as Android/AdDisplay.Cheastom by ESET, deploy a number of techniques to evade detection by Google's Bouncer technology which is supposed to prevent malicious apps from entering the Google Play store.

The security vendor says the apps also contain self-preservation code to make their removal more complicated.

Lukas Stefanko, ESET malware researcher, says the ad-displaying apps attempt to hide their functionality from security researchers by deploying techniques which succeeded and saw the apps being downloaded more than 200,000 times in a single month.

“The anti-Bouncer technique used by these apps obtains the IP address of a device and accesses its WHOIS record,” Stefanko says.

“If the information returned contains the string ‘Google' then the app assumes it is running in Bouncer. Should the app detect an emulator or Google Bouncer environment, the ads are not displayed. Instead, the app will simply provide game cheats, as expected.

When users realise the apps are exhibiting 'very unusual behaviour' and try to uninstall them, they find it 'far from easy' ESET says. The apps will ask users to activate the device's administrator rights, making it difficult to remove the AdDisplay threat.

ESET software will remove the threat, otherwise it needs to be done manually.

ESET says after deactivating device administrator, applications can be uninstalled by going to Settings, selecting Apps/Application manager and then selecting the offending app.

After ESET notified Google of the apps, they were removed from the Google Play store.

Stefanko says while it's good Google has removed the apps ‘it is clear that more attempts will be made to bypass Bouncer and spread apps containing undesirable code'.

Related stories
Avocado Consulting expands partnership with CyberArk
Watch out! There are hidden dangers lurking in your PDFs
Can misconceptions derail the effectiveness of operational resilience?
Mako boosts defence against cyber attacks with Radware's protection services
Appdome, Atlassian to automate secure mobile app delivery
Top stories
Check Point boosts email security with new AI-powered features
SentinelOne makes it to CRN's inaugural AI 100 list
Upwind fortifies Cloud Security Platform with identity security
Genetec unveils Security Center SaaS for cloud & hybrid deployments
IBM strengthens cyber resilience alliance with Cohesity