Google has confirms there were some malicious security threats hiding out on Play Store. Twelve apps have been identified, and the recommendation is that users who have downloaded these applications delete them from their devices. The threat was discovered by cybersecurity firm Check Point, who warn that “malicious apps are still finding their way onto Google Play despite assurances from Google that robust checks and versification protocols are in place.
The form of malware – dubbed Haekn – is the latest iteration of the Joker malware family. The malware is a form of spyware and premium dialer that can access notifications, read and send SMS texts. Common in 2019, the Joker series of malware infected an estimated half-a-million Android mobile devices.
The impacted apps are:
com.app.reyflow.phote
com.race.mely.wpaper
com.landscape.camera.plus
com.vailsmsplus
com.faber.kids.coloring
com.haken.compass
com.haken.qrcode
com.vimotech.fruits.coloring.book
com.vimotech.soccer.coloring.book
mobi.game.fruit.jump.tower
mobi.game.ball.number.shooter
com.vimotech.inongdan
According to Forbes, Google has stated that it has removed some 1,700 apps carrying the Joker malware. However, it seems that more apps have managed to get into Play Store, deploying just about every cloaking and obfuscation technique possible to remain, for a period at least, undetected.
Commenting on the Google Play Store vulnerability for Digital Journal, Sam Bakken, Senior Product Marketing Manager, at OneSpan says: “The Google Play Store is no stranger to malicious threats. Providers of mobile apps are challenged to ensure that their apps are secure.”
One of the reasons why Play Store is vulnerable, Bakken says, is due to a shortage of IT talent: “Not only is it hard to find and retain Android and iOS development talent, mobile app security experts or mobile developers with security knowledge are even fewer and farther between.”
This is something Google needs to work on, Bakken notes. However, consumers want action. Bakken states: “That challenge doesn’t matter to consumers. They want a great, secure consumer experience. App developers need to take advantage of proven mobile app security tools to help them ensure the security of their apps.”
In terms of what needs to be done, Bakken concludes: £Mobile in-app protection solutions provide developers the proven, mobile app security building blocks they need to fortify their apps. And, they don’t need to be mobile security experts to use them.”
