Malicious apps now rebadge themselves, making them harder to find and uninstall
Malware poses an evolving and omnipresent threat, and despite their best efforts, app stores like Google’s are vulnerable to unknowingly being used for distribution. The Play Store regularly removes apps and bans developers flouting rules intended to stop adware, spyware, malware, and other annoying apps you’re better off without. In response, developers of these applications try every trick in the book to dodge Google’s checks. Today we’re learning about some apps that have been automatically changing their name and icon after installation, so they can stay undetected on your phone while bombarding you with ads.
The crew at Bitdefender recently identified 35 apps abusing this method to make it harder for you to find the culprit responsible for ad spam and malicious ads. The apps have accrued over two million downloads combined.
Once installed, these apps rename themselves to match a system app like Settings to help stay hidden. Their icon also changes automatically to match, and tapping redirects unsuspecting users to the real Settings app on their phone. Some of these request you to disable battery optimization and grant permission to display over other apps — which we’d hope would be red flags. Apps can abuse these permissions to start foreground services notifications and simulate users clicks on ads for financial gain.
Bitdefender says it used a new real-time behavioral technology to identify the adware. Based on patterns in the app naming style, developer emails, and listed websites, it believes all the apps could be the handiwork of a single individual or group. As for what you can do to stay safe, the security experts suggest the standard advice like deleting unused apps, not installing ones you don’t really need in the first place, and being on the lookout for unusual permission requests.
