Five Apps Removed from the Google Store that you should be on the lookout for!

Ron McFarland PhD
5 min read · Dec 7, 2022


View a Summary on YouTube

YouTube Summary Link: https://youtu.be/-U2LtuHiKwQ

The Dr. Web antivirus team discovered five apps whose only purpose was to lure people into installing them and then run scamware on their devices. Initially available on Google Play, these malware-laden apps trick users by promising productivity tools. Google Play has since removed them. Users must review the apps installed on their devices and remove these apps immediately to safeguard their private data.

Scamware

Scamware is software that poses as legitimate but is really nothing more than a piece of malware waiting to wreak havoc on your computer or device. Some of the more recent scamware is advertised on TV in a paid attempt to get you to download it. Ads give scamware the look of legitimacy by providing testimonies, using celebratory images, etc. But keep in mind that anyone can craft an ad, pay for that ad, and have it played on television or posted on various websites. Consider that if a scammer is making a lot of money, they can also afford costly ads to incite others to download their malevolent software.

In a Dr. Web blog post, the company notes that attackers appeal to users with images of famous people and businesses and make false “loud statements” (claims) about how much money these apps can earn them. Dr. Web reports that ads shown to users promise a potentially high-income stream (“We grant ten free shares,” “Earn while you are still learning,” “I will give you 100,000 USD if you are not a millionaire in 6 months,” and more). Further, these apps are attributed to Russian users and hacking teams. The ads also contain embedded Russian phrases like “The entire country against sanctions.”

Embedded Trojan

Dr. Web has also found that these apps carry trojans from the Android.FakeApp family. These fake apps are designed to get users to participate in dodgy surveys, register accounts, and submit applications so that their personal information can be collected.

Image 1: Android FakeApp Screen

TubeBox

As noted earlier, the apps, which have a collective 2 million downloads, promise to deliver productivity tools but load ads onto user devices and scrape personal information from them. For example, the TubeBox app has more than a million downloads and is the largest of the five apps Dr. Web identified as scamware. TubeBox shows ads that promise to help users make money by watching videos and other ads, and offers users a cut of the advertising rewards if they help manage ads in the app. When users try to redeem their rewards, they run into additional bugs and errors in the app that prevent them from claiming the revenue. Only those users who can work around the embedded bugs will receive their funds.

Image 2: TubeBox image

Dr. Web also notes that the creators of the TubeBox app intentionally try to string their victims along for as long as possible so that they will continue watching videos and other ads, which earn money for the fraudsters, but not those who have installed the app on their device.

Aside from TubeBox, four additional scamware apps are:

  1. “Bluetooth device auto-connect,” with a million downloads
  2. “Bluetooth & Wi-Fi & USB driver,” with 100,000 downloads
  3. “Volume, Music Equalizer,” with 50,000 downloads
  4. “Fast Cleaner & Cooling Master,” with some 500 downloads.

The Fast Cleaner & Cooling Master app, for example, displays ads and launches a proxy server on the affected device; third-party actors can then route their traffic through the unsuspecting user’s device. This app has over 500,000 downloads. Users should check their devices for this culprit and remove it immediately.

Three of the five noted apps may be “containing a new adware module.” This module receives its commands through Firebase Cloud Messaging and loads whatever malicious websites those commands specify, much as other command-and-control malware does. The apps carrying this module are the previously noted Bluetooth device auto-connect, Bluetooth & Wi-Fi & USB driver, and Volume, Music Equalizer. Together, these three apps have been installed over 1.15 million times.
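The post repeatedly advises users to check their devices for these apps and remove them. The following is an added example of how a defender might do that check with adb; it is not tooling from Dr. Web, Google or the post's author. It parses the output of `adb shell pm list packages -3 -f` (third-party apps with their APK paths), compares the package names against a watchlist, and prints the matching `adb uninstall` commands. The post identifies the apps only by their Play Store titles, so the watchlist and the sample device output below use constructed placeholder package names that you would replace with the identifiers from the Dr. Web advisory.

```python
"""Audit third-party Android packages against a watchlist (added example).

Consumes the text produced by `adb shell pm list packages -3 -f` and flags
any installed package whose name is on WATCHLIST. The package names here are
constructed placeholders, not the real identifiers of the apps in the post.
"""
import re
import subprocess

# Constructed placeholders: the post gives Play Store titles, not package names.
WATCHLIST = {
    "example.placeholder.tubebox": "TubeBox",
    "example.placeholder.btautoconnect": "Bluetooth device auto-connect",
    "example.placeholder.btwifiusb": "Bluetooth & Wi-Fi & USB driver",
    "example.placeholder.equalizer": "Volume, Music Equalizer",
    "example.placeholder.fastcleaner": "Fast Cleaner & Cooling Master",
}

# `pm list packages -f` prints one line per app: "package:<apk path>=<package name>"
_LINE = re.compile(r"^package:(?P<apk>.+?)=(?P<pkg>[A-Za-z0-9_.]+)\s*$")


def parse_pm_list(output: str) -> dict[str, str]:
    """Map package name -> APK path from `pm list packages -f` output."""
    found = {}
    for line in output.splitlines():
        m = _LINE.match(line.strip())
        if m:
            found[m.group("pkg")] = m.group("apk")
    return found


def find_flagged(installed: dict[str, str], watchlist=WATCHLIST) -> list[dict]:
    """Return the installed packages that appear on the watchlist, sorted by name."""
    hits = []
    for pkg, apk in sorted(installed.items()):
        if pkg in watchlist:
            hits.append({"package": pkg, "title": watchlist[pkg], "apk": apk})
    return hits


def uninstall_commands(hits: list[dict]) -> list[str]:
    """The adb commands a reviewer would run, one per flagged package."""
    return [f"adb uninstall {h['package']}" for h in hits]


def audit_device() -> list[dict]:
    """Query a connected device (needs adb on PATH and USB debugging enabled)."""
    out = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-3", "-f"],
        capture_output=True, text=True, check=True,
    ).stdout
    return find_flagged(parse_pm_list(out))


# Constructed sample output so the example runs with no device attached.
SAMPLE_OUTPUT = """\
package:/data/app/~~AbC/org.mozilla.firefox-1/base.apk=org.mozilla.firefox
package:/data/app/~~DeF/example.placeholder.tubebox-1/base.apk=example.placeholder.tubebox
package:/data/app/~~GhI/com.example.notes-2/base.apk=com.example.notes
package:/data/app/~~JkL/example.placeholder.fastcleaner-1/base.apk=example.placeholder.fastcleaner
"""

if __name__ == "__main__":
    hits = find_flagged(parse_pm_list(SAMPLE_OUTPUT))
    for hit in hits:
        print(f"FLAGGED {hit['title']!r} -> {hit['package']} ({hit['apk']})")
    for cmd in uninstall_commands(hits):
        print(cmd)
```

The `-3` flag limits the listing to third-party packages, which is where sideloaded or Play-installed scamware lives; drop it if you also want to audit system partitions. Matching on package name rather than on the displayed title matters because a scam app can change its label freely while the package identifier is what Android actually installs and uninstalls.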

Verifying Whether a Website is Fake

Before downloading or purchasing software from an uncertain source, you can use the “Scam Detector” platform to check the provider’s website for known issues. The link to this site is: https://www.scam-detector.com/validator/ Other scam-detector websites exist, but this site is a predominant source of good information.


Image 3: Scam Detector Website Validator Screen shot

Summary

In summary, these apps attempt to persuade users to click on fishy links that embed malware onto a user’s device and steal user data. While Google removed these apps from the Play Store, users should still be on the lookout for apps they may have on their devices and remove them immediately.

References

List of Scamming Websites: https://www.scam-detector.com/article/list-of-scamming-websites/

5 Ways to Spot a Fake Website: https://www.youtube.com/watch?v=6_QX12szXTM

Website Validator: https://www.scam-detector.com/validator/

About the Author

Ron McFarland, PhD, CISSP is a Senior Cybersecurity Consultant at CMTC (California Manufacturing Technology Consulting) in Torrance, CA. He received his doctorate from NSU’s School of Engineering and Computer Science, MSc in Computer Science from Arizona State University, and a Post-Doc graduate research program in Cyber Security Technologies from the University of Maryland. He taught Cisco CCNA (Cisco Certified Network Associate), CCNP (Cisco Certified Network Professional), CCDA (Design), CCNA-Security and other Cisco courses and was honored with the Cisco Academy Instructor (CAI) Excellence Award in 2010, 2011, and 2012 for excellence in teaching. He also holds multiple security certifications including the prestigious Certified Information Systems Security Professional (CISSP) certification and several Cisco certifications.

CONTACT Dr. Ron McFarland, PhD, MSc, CDNA, CISSP

· CMTC Email: rmcfarland@cmtc.com

· Email: highervista@gmail.com

· LinkedIn: https://www.linkedin.com/in/highervista/

· Website: https://www.highervista.com

· YouTube Channel: https://www.youtube.com/@RonMcFarland/featured

Written by Ron McFarland PhD

Cybersecurity Consultant, Educator, State-Certified Digital Forensics and Expert Witness (California, Arizona, New Mexico)