Malicious Android Apps Harvest Data, Bombard Users with Spam & Track User Locations

Thirty-six apps that were available via Google Play were recently found to harvest user data, track the location of users and bombard users with spam. Trend Micro notified Google of the issue and all of the apps have been removed from Google Play. Excluded devices are: Google Nexus 6P, Xiaomi MI 4LTE, ZTE N958St and LGE LG-H525n.

The malicious apps posed as security tools and advertised a wide variety of services, including scanning, cleaning junk, message security, Wi-Fi security, etc. It appears that the apps were able to perform the advertised functions but also harvested data, bombarded users with spam and tracked user locations.

According to Trend Micro, the tell-tale sign that one of these malicious apps has been installed is that, following installation, the app does not appear on the device launcher’s list of apps, nor do shortcuts appear on the device’s screen. However, users receive alarmist/false security warnings and pop-up messages which lend a sense of legitimacy to the apps. If you installed a security-related app on your device from Google Play and your device is behaving in the above-described manner, we recommend that you consult with your device manufacturer and perform a wipe of the device.

For more information, please see: http://blog.trendmicro.com/trendlabs-security-intelligence/apps-disguised-security-tools-bombard-users-ads-track-users-location/
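The launcher check described above can be scripted from a workstation by comparing the installed third-party packages against the packages that offer a launcher entry. This is an added example, not code from the original post or from Trend Micro; the sample text is constructed, the package names are hypothetical, and the format of the launcher-intent listing is an assumption.

```python
import re

# Constructed sample: third-party packages in the "package:<name>" form
# printed by `adb shell pm list packages -3`.
INSTALLED = """\
package:com.example.notes
package:com.example.securityscanner
package:com.example.keyboard
"""

# Constructed sample: components answering the MAIN/LAUNCHER intent, one
# "<package>/<activity>" per line between metadata lines (assumed format).
LAUNCHABLE = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.example.notes/.MainActivity
"""

# Matches a bare component name such as "com.example.notes/.MainActivity".
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+\s*$")


def parse_installed(text):
    """Return the set of package names from 'package:<name>' lines."""
    return {
        line.split(":", 1)[1].strip()
        for line in text.splitlines()
        if line.startswith("package:")
    }


def parse_launchable(text):
    """Return the set of packages that own at least one launcher activity."""
    return {
        m.group(1)
        for line in text.splitlines()
        if (m := COMPONENT.match(line))
    }


def hidden_packages(installed_text, launchable_text, allowlist=()):
    """Installed packages with no launcher entry, minus reviewed ones."""
    hidden = parse_installed(installed_text) - parse_launchable(launchable_text)
    return sorted(hidden - set(allowlist))


if __name__ == "__main__":
    # The keyboard is allowlisted here as an already-reviewed package.
    for pkg in hidden_packages(INSTALLED, LAUNCHABLE, ["com.example.keyboard"]):
        print("no launcher entry, review:", pkg)
```

A package with no launcher entry is only a lead for review: input methods, widgets and background services legitimately have none.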

Our recommendation for installing mobile apps continues to be to download apps only from trusted sources, such as Google Play & Apple’s App Store. These sources do screen the apps they offer, but it’s not a foolproof process. We further recommend that you:

  • install only known and trusted apps that have many positive user reviews/comments.
  • carefully review the permissions granted during the app install process, and always grant the minimum permissions/access necessary.
  • update apps frequently as updates become available. Updates will address known security vulnerabilities.