Google Play hosted 20 apps that were capable of stealing personal information from popular programmes like WhatsApp, security experts have said.
The apps exploited known vulnerabilities to “root” devices running older versions of Android and then bypass security protections.
The malicious programmes were then capable of accessing sensitive data stored in popular apps such as WhatsApp, Facebook Messenger, Snapchat and Gmail.
WhatsApp is one of the affected apps that encrypt data in an attempt to make it harder for hackers to intercept messages as they are being sent.
Google has dubbed the batch of malicious apps that hit the Google Play store as Lipizzan.
Researchers from the search giant have been able to remove all of the Lipizzan apps using Google Play Protect.
They have also actively blocked all installs on new devices.
In a security blog post, Google said: “Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media.
“We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.
“We’ve enhanced Google Play Protect’s capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware.”
The Lipizzan apps were capable of carrying out the following malicious commands:
• Call recording
• VOIP recording
• Recording from the device microphone
• Location monitoring
• Taking screenshots
• Taking photos with the device camera(s)
• Fetching device information and files
• Fetching user information (contacts, call logs, SMS, application-specific data)
To hide their malicious surveillance capabilities, the apps posed on Google Play as utilities for cleaning unwanted files or backing up data.
Google claimed the apps contained references to a “cyber arms company” called Equus Technologies.
The 20 Lipizzan apps that were distributed infected fewer than 100 devices in total.
The warning comes after Android users have been alerted over a number of malware threats.
Last weekend, users of Android smartphones were warned about malware that can steal credit card and online banking details.
BankBot can bring up fake credit card entry and internet banking login screens to steal users’ sensitive data.
At first BankBot was just targeting users in Turkey, but now cybercriminals are targeting innocent people in the UK and US.
The malware infects an Android device and then gains administrative privileges before removing the icon of the app that infected it.
It tricks users into thinking the app that infected their device has been deleted, but in actual fact it is still working in the background.
BankBot is capable of spying on any SMS sent, and can also collect sensitive credit and debit card information.
Security experts have previously said BankBot has compromised over 400 apps found on the Google Play Store.