New multi-stage malware shows up on Google Play Store


Security researchers at ESET have released a report concerning a new type of malware found on the Google Play Store that appears to use a sophisticated means of flying under the radar to avoid detection. The malware in question was dubbed Android/TrojanDropper.Agent.BKY and eight apps were found in the Google Play Store containing the malicious code.

Google has removed all eight apps from the store and researchers point out that the removed apps only had a few hundred downloads a piece, so this wasn’t as large a spread as some of the previous malware invasions we’ve reported on. ESET notes that this malware family’s specific anti-detection features are the most interesting part of the story.

Once the apps were downloaded and installed, they don’t request suspicious permissions and the app even performs as the user would expect. The app instead decrypts and executes several different payloads in a type of Russian nesting doll code execution in an effort to obfuscate the malware’s true purpose. Check out this basic outline of how the malware gets unaware users to install a truly malicious app while bypassing Google’s security checks.

Researchers note that the app that’s downloaded and executed by the second-stage payload is usually disguised as a well-known product like Adobe Flash Player or simply “Android Update.” Once this app gets all the permissions it needs to install the fourth payload, researchers found a banking trojan that attempts to phish usernames and passwords.
Writer, gamer, and classical music whistler. I have an undying love of indie games and unique apps.

    Save 10% off Anker’s two new wireless charging accessories [DEAL]

    Previous article

    Apple has reclaimed the top spot in the wearable market for Q3 2017

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *

    More in Apps