Spyware campaign in Google Play store
Kaspersky researchers have published their discoveries about spyware campaign in Google Play store lasting over past five years.
Kaspersky researchers have named it ‘PhantomLance’. Fraudsters are hiding Trojans in their apps, bypassing the security features that Google Play has. This malicious campaign has been targeting Android users in Google Play store but also in other app stores with apps for Android (such as APKpure).
To bypass the security control these apps went as far as creating fake GitHub profiles to add a more legitimate layer to their frauds. Furthermore, the first versions of the apps may not contain malware and may have downloaded it later with update, to help go through security of Google Play.
These malicious apps mostly posed as plugins, browser and device cleaners, app updaters, Adobe Flash plugins.
Once it’s on the device this spyware may gather a lot of data: geolocation, call logs, SMS access, contact access, other installed app list.
Malware for mobile platforms is becoming more popular as the mobile devices are being widely used.
The app stores were informed about malicious apps and they deleted them from the market but as one is deleted another one is uploaded. We also have to remember that even though the app is taken off the market it doesn’t mean it stops working or deletes itself from the device – the user has to do it themselves.