Android Malware Changes Own Icon to System Apps
Malware creators are using new tactics to avoid their malicious Android apps being exposed. The scam involves hiding and even disguising apps as legitimate ones once they've been installed.
Fake Apps Receive Fake Praise
It's a twist on a well-established scam in which malware is distributed through apps that appear to perform a basic function such as reading QR codes, or turning the camera flash into a flashlight.
Thanks to a host of bogus rave reviews in the Google Play store, the only sign that something is amiss is that the apps ask for specific access permissions that are clearly not relevant to the advertised functions.
The most common purpose of the rogue apps is to use the hijacked phone to fraudulently (and secretly) visit websites in the background in order to make bogus views and clicks on advertisements on websites that are owned by scammers. This is referred to as click fraud and will net the scammer big bucks in a short amount of time, considering some apps are downloaded hundreds of thousands of times.
It's bad news for phone users as the background activity can be so relentless it can drain battery, slow a phone down, eat up mobile data allowances and overheat the handset.
Apps Use Bogus Icons
Security company Sophos says it has spotted 15 apps on Google Play that use this technique and add one or both of a couple of new tricks.
The first is to set the app to hide its icon from the app drawer, which is the screen that shows all apps installed on a phone, displayed as a set of icons. (Source: sophos.com)
The other trick is to replace the original app icon with something that looks legitimate and even essential. Examples include "Update" and, particularly cheekily, "Google Play Store."
In both cases, the hope is that users forget they've installed the app, reducing the chances they'll remove it during a routine clean-up or after the app is exposed as rogue.
The original names of the 15 apps exposed by Sophos are:
- Auto Cut Out
- Auto Cut Out 2019
- Auto Cut Out Pro
- Background Cut Out
- Background Cut Out New
- Find Your Phone: Whistle
- Flash On Calls & Messages
- Generate Elves
- ImageProcessing
- Imagine Magic
- Photo Background
- QR Artifact
- Read QR Code
- Savexpense
- Scavenger - speed guard
How To Spot Fake 'System Apps'
Sophos notes that the easiest way to check if any of these apps are on a phone and have disguised themselves is to open the Settings Menu (by sliding it down from the top of the phone) and then go to the "Apps & Notifications" option. This will show recently opened apps, with an option to see the full list.
If this option isn't available you can go to Settings -> Apps to see the list of installed apps, but they won't be listed chronologically.
The disguised apps will have generic names and have the Android system app icon. On recent editions of Android, this icon is the top half of a "robot head" on a green background with a white grid.
Tapping on the app's name will open a screen with more info. A legitimate Android system app will have the options of "Disable" and "Force Stop." An app installed by the user, such as the scam ones, will instead have the options of "Uninstall" and "Force Stop."
Clicking "Force Stop", then "Uninstall" (if the option is available) is the best option to stop and uninstall any app. Even apps that can't be uninstalled can be Force Stopped and will remain that way until they are run again by the user. (Source: techradar.com)
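The same check can be run from a computer over adb, which goes a step beyond the Settings walk-through above. The script below is an added example, not code from Sophos or the original article: it lists user-installed packages that expose no launcher icon. The package names and command output are constructed samples, and the adb commands named in the comments are the assumed source of real input.

```shell
#!/bin/sh
# Added example: find user-installed packages that have no app-drawer icon.
# On a connected device the two inputs would come from:
#   adb shell pm list packages -3
#   adb shell cmd package query-activities --brief \
#       -a android.intent.action.MAIN -c android.intent.category.LAUNCHER

# Constructed sample: third-party (user-installed) packages.
THIRD_PARTY='package:com.example.notes
package:com.example.qrreader
package:com.example.flashalert'

# Constructed sample: activities the launcher can show. The QR reader
# is installed but has disabled its launcher entry, so it is absent.
LAUNCHER='3 activities found:
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.android.settings/.Settings
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.example.notes/.MainActivity
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.example.flashalert/.ui.Home'

# hidden_user_apps THIRD_PARTY_LIST LAUNCHER_OUTPUT
# Prints each user-installed package with no launcher activity.
hidden_user_apps() {
    # Component lines look like "pkg/.Activity"; keep the package part.
    launchable=$(printf '%s\n' "$2" | tr -d '\r' |
        awk -F/ 'NF > 1 { gsub(/^[ \t]+/, "", $1); print $1 }' | sort -u)

    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p' | sort -u |
    while read -r pkg; do
        # Exact, fixed-string match so "com.a" never matches "com.ab".
        printf '%s\n' "$launchable" | grep -qxF "$pkg" ||
            printf '%s\n' "$pkg"
    done
}

hidden_user_apps "$THIRD_PARTY" "$LAUNCHER"
```

A missing launcher icon is a reason to look closer, not proof of malice: keyboards, widgets and background services legitimately have none. This check does not catch the second trick, where the icon stays visible but is swapped for a system-looking one.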
What's Your Opinion?
Do you know what apps are on your phone? Do you regularly check to see if anything is amiss? Could Google do more to warn users about suspicious apps?