New Android Trojan boosts malicious apps in Play Store
An Android malware dubbed ‘Trojan-Dropper.AndroidOS.Shopper.a’ found infected in large share of android devices in Russia,Brazil and Asia. According to the Kaspersky Lab researcher ‘Igor Golovin’, this malware has ability to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more.
First, the Trojan deploys phishing attacks to hijack permissions to access the services.Then bypass the Android Accessibility Service, a well known strategy used by Android malware to perform a wide range of malicious activities without needing user interaction.
When all these done ,malware is able to downloads and decrypts the payload, then goes straight to collecting device info such as country, network type, vendor, smartphone model, email address, IMEI, and IMSI. These harvested information send to the remote servers which will send back a series of commands to be run on the infected android device.
By executing those commands in an infected android device, attacker is be able to open links in an invisible window,disable Google Play Protect,create shortcuts to advertised sites in the apps menu and download apps from the third-party “market” Apkpure[.]com and install them.In addition to that infected devices are used to boost other malicious apps ratings on the Play Store, post fake reviews on any apps’ entries and register users through their Google or Facebook accounts in several apps.
According to the Android Security & Privacy 2018 Year In Review report published in March 2019, Google Play Protect scans over 50 billion apps every day across more than two billion devices.But this malware indicates that those efforts may not enough on behalf of modern cyber threats.