Heimdal
article featured image

Contents:

Multiple apps pretending to be useful utilities and system optimizers, but hiding malware have been identified by researchers on Google Play. Over 2 million Android users were tricked into downloading the malicious apps, with one app in particular, TubeBox, amassing over 1 million downloads alone.

Malware Deploying Apps

The identified apps were the source of performance hiccups, ads, and user experience degradation. The apps have been used for phishing attacks, and to deploy malware on infected devices. Some of the apps are still available for download in Google Play, including TubeBox.

TubeBox promises its users monetary rewards in exchange for watching videos and ads on the app. However, the app never delivers on its promises and prevents various errors when users try to redeem their rewards.

The TubeBox App on Google Play (Source)

Even users who successfully complete the final withdrawal stage never actually receive the money, according to the researchers, as the whole thing is just a ploy to keep users on the app as long as possible so they may view adverts and bring in money for the makers.

Other apps that have been detected in October 2022, but since have been removed, are:

  • Bluetooth device auto connect (bt autoconnect group) – 1,000,000 downloads
  • Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100,000 downloads
  • Volume, Music Equalizer (bt autoconnect group) – 50,000 downloads
  • Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 downloads

As reported by BleepingComputer, the apps mentioned received commands from Firebase Cloud Messaging and would generate fraudulent ad impressions on the infected devices. In the case of apps with a smaller number of downloads, the threat actors could configure the infected devices to act as proxy servers. The threat actors could route their own traffic through the infected device using this proxy server.

You should always look for negative reviews, carefully read the privacy statement, and visit the developer’s website to verify the legitimacy of an app before downloading it from Google Play.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE