Researchers have uncovered a new strain of advertising spyware in more than 100 Android apps downloadable from the official Google Play Store.
The research team at Russian security firm Doctor Web first added the trojan, which it calls Android.Spy.277.origin, to its virus database on April 1st, 2016.
“A Trojan for Android that steals confidential information and delivers advertisements. It is distributed via bogus versions of popular Android applications on the Google Play store.”
Specifically, the malware experts found the trojan in 104 Android applications available for download on the Google Play Store. Those apps claim to offer photo editing services, animated wallpaper themes, and other programs… but in most cases, they don’t work as they claim.
In total, the apps affected by Android.Spy.277.origin are believed to have been downloaded by a staggering 3.2 million users.
The infection process works as follows.
Once a user has installed one of the malicious apps, the trojan collects nearly 30 different pieces of information about the user’s device and transmits them to a remote server operated by an attacker.
As Doctor Web explains in a blog post, the stolen data includes the device’s IMEI number – which phone call management app Truecaller has found out should NEVER be used as the sole means of authenticating a user – as well as the device model, OS version, and availability of root access.
“At every launch of any installed application, the Trojan resends all the information mentioned before together with the name of the running application.”
Android.Spy.277.origin also requests certain parameters for advertising on a user’s device.
For example, the trojan can try to intimidate the user into installing unwanted applications onto their device.
Alternatively, it can display advertising notifications in an infected device’s status bar as well as create shortcuts on the Android home screen leading to sections of the Google Play store.
Doctor Web has notified Google, whose teams have begun to remove some of the malicious apps from the Play Store.
While Google sorts out that problem, Android users are urged to install an anti-virus solution on their devices and to install apps only from trusted app developers.
After all, this is far from the first time that malicious code has made its way into the Google Play store.