Sneaky tactics lead to millions of downloads of Android applications loaded with malware




Once the user has downloaded the application, its code hides the app's icon and displays full-screen ads (similar to a problem discovered last month). The ads do not indicate which app triggers them, and they are displayed even when the malicious application is closed, so users have no way of knowing which app to delete. Symantec cites ad revenue as the likely motivation for the malware's self-protection tactics.

Given the similarity of the applications, Symantec believes that they may have been created by a single organization. The application listings on the Play Store are also pretty sneaky: the organization publishes two versions of the same application, one benign and the other malicious. The benign version can appear in the top rankings or in the trending category, but when users search for the application manually, they have a 50% chance of downloading the variant that triggers the ads.

Where this wave differs from previous batches of malicious programs is in how the application icons are hidden. The logic that hides the icons is not hard-coded. Instead, a remote switch is embedded in the configuration files, which means that Google's security tests do not detect this aspect of the code.
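Because the hidden icon is what stops users from finding the app to delete, a device audit can list user-installed packages that expose no launcher activity. The following is an added example, not code from Symantec or the original article; it assumes the hiding shows up as a package with no enabled launcher activity, and all package names and sample outputs are constructed.

```python
import subprocess

# Real Android shell command; prints "No activity found" when a package has no
# enabled launcher activity, otherwise a "package/ActivityName" line.
LAUNCHER_QUERY = ["cmd", "package", "resolve-activity", "--brief",
                  "-c", "android.intent.category.LAUNCHER"]

# Constructed sample data (package names are made up), shaped like adb output.
SAMPLE_PM_LIST = """package:com.example.notes
package:com.example.blurcam
package:com.example.imeboard
"""
SAMPLE_RESOLVE = {
    "com.example.notes": "priority=0 preferredOrder=0 match=0x108000 "
                         "specificIndex=-1 isDefault=false\n"
                         "com.example.notes/.MainActivity\n",
    "com.example.blurcam": "No activity found\n",
    "com.example.imeboard": "No activity found\n",
}

def parse_packages(pm_list_output):
    """Parse `pm list packages -3` output (third-party apps only)."""
    return sorted(line.split(":", 1)[1].strip()
                  for line in pm_list_output.splitlines()
                  if line.startswith("package:"))

def has_launcher(resolve_output):
    """True if the output contains a 'pkg/Activity' component line."""
    return any("/" in line and "=" not in line
               for line in resolve_output.splitlines())

def hidden_icon_candidates(pm_list_output, resolve_outputs):
    """Third-party packages with no launcher entry. Missing output counts as none."""
    return [pkg for pkg in parse_packages(pm_list_output)
            if not has_launcher(resolve_outputs.get(pkg, ""))]

def collect_from_device():
    """Gather the same two inputs from a connected device over adb."""
    def adb(*args):
        return subprocess.run(["adb", "shell", *args], capture_output=True,
                              text=True, check=True).stdout
    pm_list = adb("pm", "list", "packages", "-3")
    return pm_list, {p: adb(*LAUNCHER_QUERY, p) for p in parse_packages(pm_list)}

if __name__ == "__main__":
    for pkg in hidden_icon_candidates(SAMPLE_PM_LIST, SAMPLE_RESOLVE):
        print("no launcher icon:", pkg)
```

The result is a list of candidates to review, not a verdict: legitimate apps such as keyboards and widgets also ship without a launcher icon.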

Symantec and other security companies frequently discover new malware practices on the Play Store, raising the question of Google's responsiveness. It may well be that Google has implemented effective security practices, but applications like these continue to fall through the cracks. Even so, additional steps are needed to better protect Android users from malware and adware.
