Researcher Finds Trojanized Apps with 2 Million Downloads on Google Play
In a new report, Dr.Web’s research team has uncovered a dangerous wave of malicious apps on Google Play, revealing that over 2 million users have unwittingly downloaded trojanized applications, primarily from the Android.FakeApp family. One of the standout examples, Android.FakeApp.1669, “differs from most of the threats that are similar to it in that it uses a modified dnsjava library to get the configuration from a malicious DNS server,” allowing it to load targeted websites only when connected to specific mobile internet providers.
When installed, these apps—disguised as useful tools or games—appear harmless, but once launched, they send a DNS request to a command-and-control (C&C) server to receive commands for further actions. In this campaign, the apps are designed to target certain internet providers, ensuring that the trojan remains dormant in other cases. Dr.Web reports that “the trojan does not manifest itself in any way” unless connected through a targeted mobile provider, which allows it to evade detection on devices without alerting users.
The malware hides in popular apps like “Split it: Checks and Tips” with over a million downloads and “FlashPage parser ” with 500,000 downloads. Once activated, Android.FakeApp.1669 can load an unwanted web address, frequently leading users to a website instead of the advertised app features. Dr.Web highlights that the trojan “literally transforms into a web application that displays the contents of the loaded website and not the functionality declared on the app’s page on Google Play.”
Fortunately, Dr.Web’s mobile security tools can detect and remove known variants of Android.FakeApp.1669. However, users are advised to exercise caution when downloading apps from any app store and ensure they have trusted security solutions on their devices to stay protected.
| App name | Number of downloads |
|---|---|
| Split it: Checks and Tips | 1,000,000+ |
| FlashPage parser | 500,000+ |
| BeYummy – your cookbook | 100,000+ |
| Memogen | 100,000+ |
| Display Moving Message | 100,000+ |
| WordCount | 100,000+ |
| Goal Achievement Planner | 100,000+ |
| DualText Compare | 100,000+ |
| Travel Memo | 100,000+ (is deleted) |
| DessertDreams Recipes | 50,000+ |
| Score Time | 10,000+ |
Related Posts:
- Multiple malware on Play Store has accumulated 2 million downloads
- Android Malware Surge: Adware Trojans, Spyware Trojans, and Banking Malware on the Rise
- Web founds 3 new Trojan on Google Play that perform phishing attacks
- Web researchers found Triada banking Trojan in over 40 models of cheap Android
- Stealthy New Android Trojan Disguised as Popular Apps Steals Your Data
