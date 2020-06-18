If you have one of these 38 apps on your mobile, uninstall it as soon as possible.

A total of 38 applications which added more than 20 million installations through Google Play, have been deleted by Google after the specialized cybersecurity organization WhiteOps discovered a advertising fraud present in them. Among the removed applications, it was possible to find some with over a million downloads.

The operation has been named by WhiteOps as « Beauty and the (Fraud) Beast », something like « Beauty and the fraudulent beast », given that the vast majority of applications with malicious code focused a large part of their functions on beauty and filters for selfies. Currently, they have already been removed, although it is very likely that they are still installed on the devices of a good number of users around the world.

38 apps with more than 20 million downloads hiding malicious code

As the WhiteOps investigation has concluded, there were three types of fraud that the applications carried out once installed on the devices of their victims. First of all, applications took advantage of show ads in different parts of the operating system when applications were not running in the foreground. On the other hand, they launched Attempts to navigate to URLs received by the control servers. Finally, the applications contained the necessary code to remove malicious app icon from app drawer, thus hindering the uninstallation process.

Another curious fact of this operation is the use of Arabic verses taken directly from the Koran as an obfuscation method for application code.

The first of the applications that were part of this operation was published on Google Play in January 2019, and from that moment, the creators published a new app every 11 days, although most of them were eliminated, on average, only 17 days after publication. However, during that time many of them were able to knead hundreds of thousands of installations, with an average of more than 500,000 downloads.

When the month of September arrives, There were already 21 malicious applications removed from Google Playso the creators decided build a more robust attack method that prevented Google Play Store systems from detecting malicious code. Thus, a total of 15 applications published using this technique were more difficult for Google to detect and eliminate.

Finally, two other applications were published in November, curiously, with much – though not all – of the malicious code disabled. From WhiteOps they have the theory that the creators decided keep these apps free from fraudulent code with the aim of achieving some popularity in the Google Play Store before proceeding to activate these functions and thus take more advantage of them, once the user base was large enough. In the video on these lines, you can see in more detail the operation of these apps, capable of run ads full screen when the app isn’t even in the foreground.

On the other hand, WhiteOps have published the full list of infected apps, made up of a total of 38 apps that reached the total number of 20,370,000 downloads through Google Play. Today, all of them have been removed from the store by Google. The last withdrawal of apps occurred on June 3.

East It is not the first case of malware present in Google Play that comes to light in 2020, and I am very afraid that it will not be the last. A recent study made it clear that Google has a problem with malware in its app store, while another confirmed that about 7% of the applications present in Google Play have back doors. Fortunately, the company continues to improve the platform’s security measures with each new version of Android, and everything points to Android 11 being the safest version to date. Now all that remains is for manufacturers to update their mobiles.

