KEY POINTS

  • The apps went through a legitimate review process before entering Google Play Store
  • Hackers later introduced the malware to the apps through regular updates
  • Google removed the apps upon receiving the report about the threat

A fraudulent attack used eight apps in the Google Play Store to hide malware that hijacked device owners' SMS and made unauthorized purchases with the users' money.

Sang Ryol Ryu and Chanung Pak, Mc Afee mobile researchers, warned Android users about the attack and the malware behind it in an announcement published on April 19.

The post, published on the McAfee website, said the malware targetted Android users from Southwest Asia and Arabian Peninsula. The McAfee research team dubbed the said malware Android/ Etinu, ArsTechnica said in a report.

The malware hid in eight Google Play apps with over 700,000 downloads and allegedly hijacked device owners' SMS notifications so they could later make unauthorized purchases.

The security researchers clarified that the fraudulent apps, in which the malware hid, had gone through a legitimate review process before entering Google Play Store. They had to pass the review by submitting a clean version of the app before they were allowed in the store.

However, the threat actors managed to invade the affected apps through regular updates. Hackers took advantage of the updates to introduce the malicious codes which later turned out to be embedded malware, a move that SlashGear described as "almost genius in its simplicity."

The fraudulent apps bypassed the OTP required in making purchases. They hooked into the Android's Notification Listener and listened to the OTP sent via SMS. By listening to notifications, the apps can avoid making requests for permission to read SMS.

Recent Android user reports have confirmed the attack. Several users have already claimed that they received notifications about purchases they didn't make. And it turns out that they are all linked to the malicious app.

According to the researchers, they already got in touch with Google about the matter. The software giant removed all eight apps upon receiving their report.

McAfee assured everyone that the company's security tools are able to detect the presence of Android/ Etinu since the malware is not sophisticated enough. Moreover, the company recommends that the users thoroughly scan their devices to ensure that there is no presence of malware.

Google Play Store
Google's new Play Pass subscription service gives users access to hundreds of apps and games from the Play Store. REUTERS/Stephen Lam
RELATED STORIES
Android Malware