The number 13 is typically an unlucky number for most people in the Western world. Many apartment buildings and office towers skip the number altogether, jumping straight from floor 12 to floor 14. There’s even a recognized phobia for the number known as triskaidekaphobia! No other numbers have fancy Greek-named phobias that are officially recognized by psychologists, which makes it pretty special.
Unlike the number 13, you don’t need to be phobic about Android apps in the Google Play Store—well, at least not most of the time. Anyone who pays $25 can upload their own Android apps to the Google Play Store, but Google will remove apps that they discover to be malware. Sometimes users report malware apps, other times security researchers do, and sometimes Google catches them with their own malware scans of their Play Store. Most of the apps in the Play Store are fine, and it’s a much safer source of apps than third-party app stores or Android app files found in other parts of the internet, such as through BitTorrent or web forums. But the risk of finding malware in the Google Play Store is always there, and lots of Android malware has been discovered in the past few years.
Tell me more about these apps…
One security researcher, Lukas Stefanko, has warned people that a set of 13 apps are all bad news for your Android device because they are Trojans, which means they’re malware pretending to be something you want, such as a game. All 13 of the apps present themselves as games, and they are:
- Truck Cargo Simulator
- Extreme Car Driving
- City Traffic Moto Race
- Moto Cross Extreme
- Hyper Car Driving Simulator
- Extreme Car Driving Racing
- Firefighter – Fire Truck Simulator
- Car Driving Simulator
- Extreme Sport Car
- SUV 4X4 Driving Simulator
- Luxury Car Parking
- Luxury Cars SUV
- SUV City Climb Park
Reports suggest all the apps were made by “Luiz O Pinto.” As per Stefanko’s screenshot, none of the apps have a user rating greater than 3.5 stars, and many have only two stars. Stefanko took a video of when he tried to install and launch Truck Cargo Simulator. Alarmingly, its page in the Google Play Store said it was “Verified by Play Protect,” a feature Google uses to make sure there aren’t malware apps in the store.
Where’s the proof?
When Stefanko launched Truck Cargo Simulator, a screen that said “Made with Unity” displayed briefly. Unity is popular software that is used to make many, many popular games not only for smartphones, but also for video game consoles and PCs. Most games that are “Made with Unity” are not malware. But Truck Cargo Simulator doesn’t show any sort of game at all. After the “Made with Unity” screen is displayed, it shows a solid dusty pastel blue color, and then you’re back to your Android home screen with the app icons.
All 13 malicious Android apps download a new malware app to your phone called Game Center, which asks for lots of permissions including full network access, view network connections, view Wi-Fi connections, and run at startup. These permissions allow the cyber attacker to control how your Android phone uses the internet, make sure that the malware runs every time you restart your phone, and make it possible for the cyber attacker to send more malware to your phone that can be used to control your device.
According to Stefanko, these thirteen malicious Android apps have been installed more than 560,000 times. Hopefully by now, Google has removed them from the Play Store and banned Luiz O Pinto’s account.
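For readers who want to check installed or downloaded apps against the four permissions Game Center requests, the following is an added example (not from Stefanko's research or the original article) that parses the text output of `aapt dump permissions` and reports which of those permissions each package declares. The package names and sample output are constructed, and because these permissions are also common in legitimate apps, a full match is a reason to look closer rather than a verdict.

```python
import re

# Android permission constants behind the Play Store labels quoted in the article.
LABEL_TO_PERMISSION = {
    "full network access": "android.permission.INTERNET",
    "view network connections": "android.permission.ACCESS_NETWORK_STATE",
    "view Wi-Fi connections": "android.permission.ACCESS_WIFI_STATE",
    "run at startup": "android.permission.RECEIVE_BOOT_COMPLETED",
}

PKG_RE = re.compile(r"^package:\s*(\S+)")
# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

# Constructed sample: `aapt dump permissions` output for two made-up APKs.
SAMPLE_AAPT_OUTPUT = """\
package: com.example.dropped.payload
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
package: com.example.flashlight
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""

def parse_aapt_permissions(text):
    """Return {package: set of declared permissions}."""
    apps, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := PKG_RE.match(line):
            current = m.group(1)
            apps.setdefault(current, set())
        elif (m := PERM_RE.match(line)) and current is not None:
            apps[current].add(m.group(1))
    return apps

def triage(text):
    """Per package: which of the four labels it declares, and whether all four."""
    report = {}
    for pkg, perms in parse_aapt_permissions(text).items():
        labels = [l for l, p in LABEL_TO_PERMISSION.items() if p in perms]
        report[pkg] = {"labels": labels,
                       "full_match": len(labels) == len(LABEL_TO_PERMISSION)}
    return report

if __name__ == "__main__":
    for pkg, result in triage(SAMPLE_AAPT_OUTPUT).items():
        print(pkg, result)
```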
The Game Center malware triggered by the installation of these apps is similar to the GPlayed malware that was reported in October. Security researcher Vitor Ventura wrote: “What makes this malware extremely powerful is the capability to adapt after it’s deployed. In order to achieve this adaptability, the operator has the capability to remotely load plugins, inject scripts and even compile new .NET code that can be executed. Our analysis indicates that this Trojan is in its testing stage—but given its potential, every mobile user should be aware of GPlayed. Mobile developers have recently begun eschewing traditional app stores and instead want to deliver their software directly through their own means. But GPlayed is an example of where this can go wrong, especially if a mobile user is not aware of how to distinguish a fake app versus a real one.”
What does this all mean?
In layperson’s terms, GPlayed is Android malware that allows cyber attackers to put even more malware on a victim’s phone. It’s adaptable, so lots of different types of malware can be deployed to accomplish malicious tasks. If a cyber attack doesn’t work the way it’s supposed to, the attackers still have a connection to victims’ Android phones that they can use to try other malware. A lot of these cyber attacks can give criminals full remote access to our phones!
As Ventura wrote, GPlayed is probably in its testing phase. So cyber attackers can make changes to GPlayed based on what they learn from their attacks. Some legitimate software developers have been releasing their Android games outside of the Google Play Store because they don’t want Google to be able to take a percentage of their app sale revenue. An example is Epic Games. Epic Games has made the Android version of their hugely popular Fortnite video game only available for sale on their website. Android users have to go into their settings to allow apps from outside of the Google Play Store in order for this to work. But even though malware can be found in the Store sometimes, the risk of an Android app being malware is much greater outside of the Store. Games like Fortnite are safe, but now the user has opened up the possibility of installing Android malware from anywhere on the internet.
If you want to avoid Android malware like those terrible 13 apps, here are some tips. Only install apps from the Google Play Store. If any apps have a user rating of less than four out of five stars, do not download them. A low rating often means that users have reported malware. It’s ultimately best to only install games and other types of Android apps that have been recommended on different app review websites, which considerably reduces the odds of the app being malware. Also, always install antivirus software on your Android phone!