Cybercriminals are making use of hidden apps on Android phones to get private data and gain access to the victim's device, a practice that has begun to grow by leaps and bounds since last year.
According to the latest McAfee report, the number of hidden application attacks on Android devices has increased considerably in 2019. Specifically, it is an attack that is giving very good results to hackers, which has made 50% of all Malicious threats of 2019 are from hidden applications that we have on our Android device.
This is a 30% increase compared to 2018 and comes to justify it in that every time users are less careful when downloading an application, especially those that are outside the Google application store.
The attackers are making use of applications related to video games to expand malware known as LeifAccess or Shopper, because the victims are younger, and therefore are very careful when downloading all kinds of applications.
In the report, you can read that "hackers are taking advantage of the popularity of games to distribute their malicious applications through links in popular chat applications for players." It also seems that they are distributing videos that contain links to fake applications that disguise themselves as genuine and well known as Call of Duty, FaceApp or Spotify.
As a security measure, McAfee states that users should only download applications or games from the official Google app store, and not rely on other external stores that facilitate an APK, since many could be the vehicle to distribute such applications masked that contain malware.
As so often with adware apps, most are designed around trivial utilities—QR readers and image editors, for example. “Most ironically,” Sophos reports, one of the malicious apps is designed “to scrub your phone of private data.” You couldn’t make this up. The mindset to download an app of unknown provenance for such a delicate purpose we won’t get into—the warnings here basically go without saying.
Once installed, the apps use innocuous names to ensure they don’t trigger suspicions. And, arguably, the most worrying finding is that all 15 apps appeared this year—that means there are still gaping holes in Play Store security and there are adware factories churning out such apps and pushing them into the public domain. Sophos believes that similarities in coding structure and user interfaces suggests this batch of apps might all be related, despite appearing to come from different publishers.
Sophos says that Google was notified about the apps and they seem to have been removed—the underlying threat and coding techniques will remain in other as yet unidentified apps in the store and the myriad apps likely still to come.