Media Coverage Archive

Tuesday | May 21, 2013

By Fahmida Rashid

Android users have to be careful of malicious apps masquerading as legitimate ones. SecurityWatch is partnering with a handful of security companies who monitor apps on Google Play and third-party marketplaces to identify malicious apps you should immediately remove from your Android device.

This week’s list comes from Appthority and includes three apps that have already been yanked from Google Play. However, the apps were still available on Amazon Appstore for Android as of a few days ago, as well as on other third-party app stores and Websites, according to Appthority. It’s important to avoid installing apps from Websites and unofficial app stores, but unfortunately, bad apps sometimes do manage to sneak on to established marketplaces like Google Play and Amazon’s Appstore.

A large percentage of malware is designed to make money, and the bad guys are figuring out that one of the easiest techniques is to embed malware inside the apps, Appthority told SecurityWatch.

It’s also important to remember that even if the app has been kicked out of Google Play, that doesn’t mean the app has been uninstalled from your device. While Google has interceded in the past and uninstalled dangerous apps from user devices, it is not normal practice. So while the odds of you coming across these apps are pretty low, if you were among the thousands of users who had already downloaded the apps, make sure you uninstall them immediately.

1. Savage Knife for Android
Originally flagged by researchers from Lookout Mobile Security, Google removed several apps which used the BadNews advertising network from Google Play last month. Savage Knife for Android was the most well-known app on that list (which included several Russian-language apps).

As it turned out, the BadNews advertising network was really bad news for the users. Not only did this ad network aggressively push ads on to the user’s mobile device, it was also responsible for sending out “malicious advertising content” such as links and payloads. Once the payload was installed, it performed various tasks on the device without the user knowing anything about it, such as sending SMS messages to prime rate numbers.

2. Live Wallpaper-Savannah for Android
Live Wallpaper-Savannah for Android was another popular app which used the BadNews network. At the time Appthority compiled the list, this app was no longer on Google Play but still available on Amazon and other marketplaces.

BadNews initially appeared as a “clean” ad network, but it turned into a “distribution channel for the bad guys” after installation, Appthority said.

3. Fake Vertu Apps
Vertu is a luxury phone manufacturer company owned by Nokia. There are a number of Vertu apps available which tend to be popular among Japanese and Korean users. Appthority found the SMSSilence malware embedded inside fake Vertu applications available on third party markets and Websites.

SMSSilence showed the user a “dummy screen” with unresponsive menu options, while in the background, it intercepted incoming SMS messages. The malware also sent hidden text messages to premium numbers. 

Found Bad Apps?
If you’ve downloaded any of these apps recently, make sure to uninstall those apps altogether from your device, and check your bills for unexplained charges.