Kasperskey, a leading anti-virus security has found two malicious apps on the Play Store that put your privacy at risk. The two malware apps have disguised themselves as applications that can help clean up your Android device, however the actions SuperClean and DroidCleaner perform do nothing of the sort.
After an Android device with either of the two applications installed is plugged into a Windows PC, the apps download files straight to the PC that automatically start-up each time the device is plugged in.
Once executed, the program opens up an instance of the Windows audio recorder and will then record sound from your microphone before being packaged up and sent to the malware distributor. It has been found that the program would only start up on PCs with older versions of Windows on, or newer versions where a user has manually turned on the AutoRun feature. But according to Kapersky, that is a ‘Broad Group.’
“A typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device. Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme.” – Extract from Kapersky’s blog.
It’s unknown what the Malware distributor had in mind for the files the programs can receive from Windows PCs, however the application also allows the ability to send SMS messages, toggle WiFi, opening up links in the browser, as well as uploading and deleting SMS messages and contacts, photos or co-ordinates from the Android device, among other tasks.
The two malicious apps have since been removed from Google Play, however using caution when browsing the internet and downloading apps is always smart. While the vast majority of Android malware is from 3rd party app stores, this is one of the rare occurrences where malware managed to slip past Google’s security measures. Do you think Google should step up Google Play security or is this just a rare occurrence that is hard to completely prevent?