Data-Stealing Malicious Apps Found in Google Play Store
Another day, another security scare for Android users. Hot on the heels of yesterday’s Pokemon Go malicious app news, researchers have uncovered more rogue apps in the Google Play Store.
Researchers from Lookout’s Security Research & Response team identified a piece of spyware hiding in four apps available in Google’s official app store. The spyware has been dubbed Overseer, and is capable of stealing “significant amounts” of personal data from users.
This data includes: The user’s contacts, including name, phone number, email, and times contacted; all user accounts on a compromised device; precise location, including latitude, longitude, network ID, and location area code; free internal and external memory; Device IMEI, IMSI, MCC, MNC, phone type, network operator, device and Android information; and details of installed packages, Lookout researchers outlined in a blog.
Lookout says the spyware specifically targets foreign travellers; one app it was found hiding in was designed to help travellers find their country’s embassy when abroad. Overseer was also found in Russian and European news apps.
What’s worth pointing out about this malware is how it communicated with its command and control center. In this case, the C&C was running on Facebook’s Parse Server, which is hosted on Amazon Web Services. This means that the traffic between the spyware and the C&C looks legitimate, and would be less likely to be stopped.
Lookout didn’t release any details of how many downloads the apps had, or how many devices were potentially affected. Google has removed the apps from the Google Play Store.
This is the latest in a long list of malicious apps to target Android users. Most recently, Kaspersky researchers found a rogue app disguised as a Pokemon Go guide. That app was capable of installing and uninstalling apps and displaying adverts.
Unofficial Android app stores have long been criticized for the number of malicious apps that appear in them, and Android malware is rapidly becoming a big problem for users and businesses alike. It is advisable to only download applications from the official Google Play Store, although as this shows, that too is not safe from malware.
Photo © Alexander Supertramp/Shutterstock.com
Source: Information Security Magazine