There is a common misconception that you don’t need an antivirus app for your android device. “It eats too much RAM!” – they say, and that’s true, but the alternative is way worse. You can loose your personal or credit card data, or both like in the wake of the last year's “Godless” outbreak. This week’s spooky tale comes from researchers at the University of Michigan, who have discovered that there are more than 400 apps currently available for download from Google Play, that leaves back doors open for malware attacks.
Open port malware attacks
UM Researchers have developed a custom set of tools to analyze the vulnerability of Play Store apps. They marked 410 apps of the selected bunch as prone to open port malware attacks. Those apps contain tiny flaws in the code – around a thousand in total – that can potentially lead to personal data theft or discreet malware installation. The most shocking thing is that these apps already have dozens of millions of downloads. The complete list has not yet been released to the public, but the researchers have already notified Goggle and the developers of the apps in question. We are sure that all these apps will get necessary updates to tackle the issue very soon. The precedent, however, is very alarming, as it means that Google’s preliminary security check is not as thorough as we previously thought.
Music that hurts
Those were just tiny vulnerabilities, but there are apps in the Play Store that can be classified as straightaway malware, such as the infamous Super Free Music Player. This tiny app, masquerading as a simple android player, was downloaded for up to 10.000 times since late March and remained active until very recently. Richard Yu, a security researcher from SophosLabs, reported the app as containing parts of the code, similar to the 2015’s BrainTest malware. When installed the app gets access to the smartphone’s root catalog, leaks your personal data – mainly logins and passwords – and triggers an endless flow of adverts that you can’t turn off. The app is now down and deleted from the Play Store but the damage has already been done.
Thousands of new applications are uploaded to Google Play Store daily and not all of them are ‘clean’, even though Google tries to keep the security algorithms relevant. We strongly recommend that you read our small guide on how to avoid malware on Android, and make sure to have a decent antivirus running at all times. Mobile Security & Antivirus or, say, CM Security Antivirus App Lock should do the trick just fine. The rest is up to you. Just stick to official sources, Google the app first and update the system regularly. Stay safe!