
More Google Play Apps distributing Ztorg-Based Android Malware

This is the second time this month that apps tainted with malware have been removed from the Google Play Store. Google is now stricter and took immediate action against the malicious apps, namely Magic Browser and Noise Detector.

The apps act as conduits for attackers to gain remote ‘root’ control of the infected devices.
Kaspersky Lab researchers have reported that the malware in these Android apps belongs to the Ztorg Trojan family, which is designed to bypass Google’s safety controls and root the infected Android device.

Roman Unuchek, a senior researcher at Kaspersky Lab, presented an extensive analysis of the new Ztorg-based malware. This is what they have said: “Kaspersky Lab says Ztorg malware bypassed Google’s malware checks almost 100 times since September last year, and the malware family is best known for gaining ‘root’ privileges of infected devices to completely control them. Ztorg apps like Privacy Lock and a false Pokemon Go guide raked in huge download numbers before they were recognised as malicious and deleted from Google Play.”

Magic Browser presents itself as an alternative to Chrome Browser in the Google Play Store while the Noise Detector App was designed to measure decibel levels. Both of them had thousands of downloads before they were removed.

As mentioned, both apps belonged to the Ztorg Trojan family, but they didn’t root affected devices before their removal. Kaspersky researcher Unuchek says the app had the Ztorg digital fingerprint, and speculates that the developers might soon have added the root ability if the apps hadn’t been removed.

The Magic Browser app has the capability to either test or use the text messaging function of the phone for malicious intent. It could send premium text messages to infected phone numbers and leave no traces behind, even deleting the incoming messages and muting the notification sound.

The Magic Browser app tries to send SMS from 11 different places embedded in its code. This feature is something cyber criminals would love to have: the ability to send SMS using any Android phone or device they want and to wipe their tracks. However, as per Unuchek, this approach should not work.
