A sneaky crew of 13 apps with relatively high ratings have vanished from the Play Store after security researchers discovered their hidden motives.
Lookout uncovered a batch of apps that are part of a malware family known as the Brain Trust. Apps with this vulnerability are able to gain root privilege to your device and, like cockroaches who survive a mass extinction, live on even if you perform a factory reset.
The apps had another scheme: they were able to assign themselves good reviews using the infected devices. This is how games like Cake Tower and Honey Comb were able to amass an average review score of 4.5 stars.
Cake Tower and Honey Comb offered malware disguised as harmless treats. Credit: Lookout Blog
According to Lookout, the developers behind the malware were patient at choosing which type of apps to install and finding ways to gain access to more users. It’s a rather scary scenario, as those who stick to the Play Store are generally able to avoid such security problems.
Lookout published the full list of apps that were kicked out:
Lookout uncovered a total of 13 apps using the Brain Trust vulnerability. Click on image to enlarge. Credit: Lookout Blog
If you downloaded one of the aforementioned apps, you can use the Lookout Security app to scan your phone and see if it’s infected. Lookout recommends downloading and flashing a stock ROM to get back to safety since the malware can survive a factory reset. If that’s above your skill level, then you’ll need to get in touch with customer support from your phone's manufacturer.
Why this matters: It’s rather curious how these apps were able to sneak through. The Play Store used to be a free-for-all, but now Google pre-screens and tests apps just like Apple does with the App Store. However, security is always a cat-and-mouse game, and Google will likely learn from this incident and develop some new protocols for catching this vulnerability.
Sign up for Computerworld eNewsletters.