Google Play Store is undoubtedly the largest app store on earth, with millions of apps and billions of users. Because Google, the owner of the Play Store, does not guarantee the authenticity of apps developed by anonymous developers, the store is more vulnerable than its competitor, the Apple App Store.
Although Google claims to make efforts to remove every sort of virus from the Play Store, a recent report has called that claim into question. The report, courtesy of SophosLabs, claims the existence of mysterious malware on the store that contains MarsDae-A, a library of ads. Google has taken steps to combat this adware in the past; however, the problem still remains.
The report demonstrates that despite persistent claims by Google of having tightened security standards on the Play Store, the platform remains open to fishy activities. Ultimately, SophosLabs claims that the biggest downfall of these apps is the user experience itself.
Once on your device, the adware shows a constant barrage of pop-ups on your display, whether or not they are forced shut. It achieves this through a clever never-ending cycle that leaves users to suffer.
So far, the researchers have identified 47 apps that are infected by the adware. Their combined total of 6 million downloads shows the extent of the problem.
The list of apps which includes infected ones can be found here. You may notice that most of the infected apps fall into the utility and productivity categories and aren’t sophisticated by design.
How Does the Mysterious Malware Work?
A particular specimen shown in the report was the Snap Pic Collage Color Splash app, which has been downloaded more than 50,000 times. The adware affects phones ranging from Android 2.3 Gingerbread to 6.0 Marshmallow, meaning newer phones are considerably safer when it comes to infections.
Once the app is installed, it will pop up ads on the user’s home screen. Even if you force stop the app from system settings, the ads will resume after a few seconds.
Once dropped on Android 5 and 6, the library repeats a series of steps to keep the ads running. It runs code that kicks off a number of processes, each of which creates a file and then locks it.
Each process then creates another file. For example, Process A creates a2 and repeatedly checks whether Process B has created file b2, and vice versa. If Process A finds file b2, it means Process B has started and locked file b1, so Process A can delete file b2. Process B does the same thing for file a2.
Process A keeps monitoring the lock status of file b1 while Process B monitors file a1. If either file is unlocked, it means the related process is dead. The other process can then restart it.
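One way to spot this pattern from the defender's side, as an added example that is not from the SophosLabs report or the adware itself: the code scans a lock-table snapshot in Linux /proc/locks layout for two processes of the same app UID that each hold a write lock on one file while waiting on the other's. The snapshot and the pid-to-UID map are constructed samples, and it is an assumption that the monitoring described above shows up as blocked lock requests (the `->` lines).

```python
import re
from collections import defaultdict

# Constructed sample in /proc/locks layout (not captured from a real device).
SAMPLE_LOCKS = """\
1: FLOCK  ADVISORY  WRITE 4101 fd:02:9001 0 EOF
1: -> FLOCK  ADVISORY  WRITE 4102 fd:02:9001 0 EOF
2: FLOCK  ADVISORY  WRITE 4102 fd:02:9002 0 EOF
2: -> FLOCK  ADVISORY  WRITE 4101 fd:02:9002 0 EOF
3: POSIX  ADVISORY  WRITE 977 fd:02:5120 0 EOF
4: FLOCK  ADVISORY  WRITE 3300 fd:02:7000 0 EOF
"""
# Constructed pid -> app UID map (hypothetical values; on a device, taken from ps).
SAMPLE_UIDS = {4101: "u0_a123", 4102: "u0_a123", 977: "system", 3300: "u0_a88"}

# id: [->] TYPE ADVISORY|MANDATORY READ|WRITE pid major:minor:inode start end
LINE = re.compile(r"^\d+:\s+(->\s+)?(\w+)\s+(\w+)\s+(READ|WRITE)\s+(\d+)\s+(\S+)\s")

def parse_locks(text):
    """Return (holders, waiters): file id -> holder pid, file id -> blocked pids."""
    holders, waiters = {}, defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(4) != "WRITE":
            continue  # only exclusive (write) locks matter for this pattern
        blocked, pid, file_id = bool(m.group(1)), int(m.group(5)), m.group(6)
        if blocked:
            waiters[file_id].add(pid)
        else:
            holders[file_id] = pid
    return holders, waiters

def find_mutual_watchdogs(text, uid_of):
    """Flag same-UID pairs where each process waits on a lock the other holds."""
    holders, waiters = parse_locks(text)
    # (watcher, watched): watcher is blocked on a file that watched has locked
    watches = {(w, holders[f]) for f, ws in waiters.items() if f in holders for w in ws}
    pairs = set()
    for a, b in watches:
        uid = uid_of.get(a)
        if a < b and (b, a) in watches and uid and uid == uid_of.get(b):
            pairs.add((uid, a, b))
    return sorted(pairs)

if __name__ == "__main__":
    for uid, a, b in find_mutual_watchdogs(SAMPLE_LOCKS, SAMPLE_UIDS):
        print(f"UID {uid}: pids {a} and {b} guard each other via file locks")
```

A flagged pair is a lead for review rather than a verdict, since legitimate apps can also use lock files between their own processes.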
As clever as the technique may be, all it does in the long run is ruin each app’s reputation on Google Play.
We advise you to be vigilant and use only highly rated apps from notable developers. Also, make sure you have updated your phone or have one that receives new security updates regularly.
If you see any of the infected apps listed in the report, don’t download them. It is also advisable to use a tested and highly rated Android anti-virus. By blocking the install of malicious and unwanted apps, even if they come from Google Play, you can spare yourself lots of trouble.