A total of 144 different mobile applications, downloaded by up to 17.4 million Android users, contain a form of Trojan malware. This was discovered by a team of security researchers from McAfee, who disclosed their findings in a blog post on Tuesday. Experts have called the threat Grabos.
It was first discovered in the music app Aristotle Music audio player 2017, which had been downloaded in excess of five million times. Further analysis by the experts revealed that the same malware could be found in 143 additional pieces of software.
This follows similar findings by cybersecurity companies ESET and Dr Web of malicious mobile software that had successfully been snuck onto Google’s official application market. The team from McAfee said that the majority of the apps containing Grabos were last updated in August and October.
It is believed that the main purpose of the software was to make money by promoting the download and installation of other software to devices. In total, anywhere between 4.2 million and 17.4 million users downloaded the apps from the Google Play Store.
Carlos Castillo, a security researcher, wrote that Grabos gained its popularity on Google Play simply because it allowed users to download music for free, all while constantly asking them to rate the app. He said that what users were not aware of was the hidden functionality that comes with those apps. This included exposing users to custom notifications which would install additional apps. These would then be opened without the users’ consent.
Castillo added that Grabos also reported the presence of specific social apps on infected devices. Cybercriminals could make use of the information to deliver additional apps. According to the firm, along with forced advertising, the apps could track the location of users. The infected software was removed from the Play Store after McAfee notified Google of the threat in September.
But this does not mean that the marketplace became free of threats. Just 24 hours after the report by McAfee was released, a Slovakian anti-virus firm, ESET, said that it found a similar set of eight malicious applications available on the Play Store. The most malicious of the lot was a banking Trojan designed to quietly steal financial data. At the time of its discovery, however, it had only reached a few hundred downloads.
Researcher Lukas Stefanko has said that multi-stage downloaders have a greater chance of getting into the official app stores than common Android malware. He advised that users who would like to stay protected must not rely solely on the store’s protection, but must also take note of app ratings and comments and pay attention to the permissions required to run the app. Earlier this week, a similar threat was discovered by Russian cybersecurity firm Dr Web.