Eight apps were discovered spreading a new malware


Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services.

The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including:

  • Kids Coloring
  • Compass
  • Qrcod
  • Fruits coloring book
  • soccer coloring book
  • fruit jump tower
  • ball number shooter
  • Inongdan

The package names of these applications after installation are:

  • com.faber.kids.coloring
  • com.haken.compass
  • com.haken.qrcode
  • com.vimotech.fruits.coloring.book
  • com.vimotech.soccer.coloring.book
  • mobi.game.fruit.jump.tower
  • mobi.game.ball.number.shooter
  • com.vimotech.inongdan

The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions.

Haken has shown clicking capabilities while staying under the radar of Google Play. Even with a relatively low download count of 50,000+, this campaign has shown that malicious actors are able to generate revenue from fraudulent advertising campaigns.

After download, Haken communicates with a remote server and asks for permissions that the actual downloaded app doesn’t require in order to function (for instance, permission to let the app run code when a device starts up).

It then injects code into advertising monetization platforms for Facebook (Facebook Ad Center) and for Google (specifically Google AdMob), which would give the attackers access to the credit cards tied to these accounts. These accounts are used to pay for the premium subscription services, said researchers.

After reporting the threat to Google, all of the affected applications were removed from Google Play, researchers said.

To prevent malware infection:

  • Install software from trusted sources (Google Play on Android and App Store on iOS)
  • Pay attention to the permissions requested when installing and running an application, and do not grant suspicious permissions that its use does not require
  • Before installing, pay attention to other users' comments on the program
  • Activate the App Scan feature on the Google Play Store to periodically scan the apps installed on your mobile phone
  • Install and use valid and up-to-date anti-malware tools
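
The package-name and permission checks described above can be automated. The following is an added example, not part of the original article or the researchers' tooling. It assumes text captured from `adb shell pm list packages` and `adb shell dumpsys package <name>`, that the start-at-boot permission the article mentions is Android's `RECEIVE_BOOT_COMPLETED`, and it uses constructed sample data and hypothetical function names.

```python
import re

# Package names listed in the article for the eight Haken-carrying apps.
HAKEN_PACKAGES = {
    "com.faber.kids.coloring", "com.haken.compass",
    "com.haken.qrcode", "com.vimotech.fruits.coloring.book",
    "com.vimotech.soccer.coloring.book", "mobi.game.fruit.jump.tower",
    "mobi.game.ball.number.shooter", "com.vimotech.inongdan",
}
# Assumption: "run code when a device starts up" maps to this permission.
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed sample input (not captured from a real device).
SAMPLE_PM = ("package:com.haken.compass\npackage:com.example.flashlight\n"
             "package:com.example.notes\n")
SAMPLE_DUMPSYS = {
    "com.example.flashlight": "    requested permissions:\n"
        "      android.permission.CAMERA\n"
        "      android.permission.RECEIVE_BOOT_COMPLETED\n"
        "    install permissions:\n      android.permission.CAMERA: granted=true\n",
    "com.example.notes": "    requested permissions:\n"
        "      android.permission.INTERNET\n    install permissions:\n",
}

def installed_packages(pm_output):
    """Parse plain `pm list packages` output ("package:<name>" per line)."""
    return {m.group(1) for m in re.finditer(r"^package:(\S+)$", pm_output, re.M)}

def requested_permissions(dumpsys_output):
    """Collect the names listed under the 'requested permissions:' header."""
    perms, in_section = set(), False
    for line in dumpsys_output.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_section = True
        elif in_section:
            if not stripped or stripped.endswith(":"):  # next section starts
                break
            perms.add(stripped.split(":")[0])
    return perms

def audit(pm_output, dumpsys_by_package):
    """Return (package, reason) pairs that deserve a manual review."""
    findings = []
    for pkg in sorted(installed_packages(pm_output)):
        perms = requested_permissions(dumpsys_by_package.get(pkg, ""))
        if pkg in HAKEN_PACKAGES:
            findings.append((pkg, "matches a Haken package name"))
        elif BOOT_PERMISSION in perms:
            findings.append((pkg, "requests start-at-boot; confirm the app needs it"))
    return findings

if __name__ == "__main__":
    for pkg, reason in audit(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(f"{pkg}: {reason}")
```

Many legitimate apps also request start-at-boot, so the second finding is a prompt for review rather than a verdict.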