
Google Play faces cat and mouse game with sneaky Android malware

Michael Kan | March 27, 2017

Hackers constantly try to slip malware into the Google Play store, and they succeed.


What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store, where software is vetted, is perhaps the best advice.

But that doesn’t mean Google Play is perfect.

Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it.

"Eventually, every wall can be breached," said Daniel Padon, a researcher at mobile security provider Check Point.

To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.

That's contributed to relatively tiny malware infection rates across the 1.4 billion Android devices in use today.

But when a bad app does slip into the Play store, it can spread. Check Point has been among the security firms on the watch for new Android malware.

Earlier this year, it uncovered over 20 apps on the Google Play store that contained malicious code designed to generate fraudulent ad revenue for its creators. The infected software was downloaded several million times.

Months before, Check Point found another malware strain that was embedded in dozens of different apps on the store. The malware was designed to enslave devices in a botnet and appeared to infect between 500,000 and 2 million devices.

Figure 1 (Trend Micro): Android malware called DressCode spread through dozens of apps on Google Play last year.

So how does the malware get in? Every app that goes through Google Play is first scanned for any harmful behavior, which includes checking the code and running it in a virtual environment.

But even so, malicious processes can be tricky to detect, Padon said. For instance, hackers will incorporate a "dropper" into a seemingly benign app. The dropper will act as a time bomb, staying silent but downloading additional malware at a later time.

In other cases, hackers have been found hiding malicious code by using encryption, surrounding it with meaningless commands, or designing the harmful processes to remain inactive when run on a virtual machine.

Padon said the internet giant could be doing more to vet apps. The problem, he claims, is that Google relies too much on automated testing to root out the problem.

"It might be the strongest behavioral analysis engine on the planet," Padon said. But testing each app on a real, human-operated device is still the best way to detect malware, he said.

 
