Google will block 1.43 million malicious apps and ban 173,000 malicious accounts in 2022

May 01, 2023Ravie LakshmananMobile Security / Android

Google announced that its improved security features and app review processes helped it block 1.43 million malicious apps from being published on the Play Store in 2022.

Additionally, the company said it suspended 173,000 bad accounts and stopped over $2 billion worth of fraudulent and abusive transactions through developer-side features like Voided Purchases API, Obfuscated Account ID, and Play Integrity API.

Adding identity verification methods like phone number and email address to join Google Play helped reduce accounts used to publish apps that violate its policies, Google pointed out.

The search giant went on to say that it has “blocked approximately 500,000 submitted apps from unnecessarily accessing sensitive permissions over the last 3 years”.

“In 2022, the App Security Improvement Program helped developers fix approximately 500,000 security vulnerabilities affecting approximately 300,000 apps with a combined install base of approximately 250 billion installs,” it said.

In contrast, in 2021, Google blocked the release of 1.2 million policy-violating apps and banned 190,000 bad accounts.

The development comes weeks after Google enacted a new data erasure policy that requires app developers to offer users an “easily identifiable option” inside and outside of an app.

Despite Google’s efforts, cybercriminals continue to find ways to bypass app storefront security and release malicious and adware apps.

Case in point: McAfee’s Mobile Research Team discovered 38 games masquerading as Minecraft, which were installed by no fewer than 35 million users worldwide, mostly in the US, Canada, South Korea and Brazil.

While these gaming apps offer the promised functionality, they have been found to contain the HiddenAds malware to secretly load ads in the background to generate illicit revenue for their operators.

Some of the most downloaded apps are as follows:

• Block Box Master Diamond (com.good.robo.game.builder.craft.block)
• Craft Sword Mini Fun (com.craft.world.fairy.fun.everyday.block)
• Block Box Skyland Sword (com.skyland.pet.realm.block.rain.craft)
• Craft Monster Crazy Sword (com.skyland.fun.block.game.monster.craft)
• Block Pro Forrest Diamond (com.monster.craft.block.fun.robo.fairy)

“One of the most accessible content for young people using mobile devices is games,” said McAfee. “Malware authors are also aware of this and try to hide their malicious functions in games.”

Complicating the problem is the proliferation of Android banking malware, which attackers can use as a weapon to gain access to victims’ devices and collect personal information.

Another emerging trend is the use of binding services to trojan legitimate applications and hide a rogue APK payload. This technique was adopted by bad actors to proliferate an Android botnet called DAAM, Cyble said.

Once installed, the malware establishes connections to a remote server to perform a variety of nefarious actions, including functioning as ransomware by encrypting files stored on devices with a password retrieved from the server.

DAAM also abuses Android’s accessibility services to monitor users’ activities, making it possible to log keystrokes, record VoIP calls from instant messaging apps, collect browsing history, call logs, photos, screenshots, and SMS messages, execute arbitrary code and open phishing URLs .

“Malware authors often use genuine applications to proliferate malicious code to avoid suspicion,” the cybersecurity firm said in an analysis released last month.

The results also follow a recommendation from CloudSEK, which found that several popular Android apps, including Canva, LinkedIn, Strava, Telegram, and WhatsApp, do not invalidate or revalidate session cookies after app data is transferred from one device to another.

While this attack scenario requires an attacker to have physical access to a target’s phone, it could allow for account takeover and give an attacker unauthorized access to sensitive data.

To mitigate such threats, it is recommended to enable two-factor authentication (2FA) to add an extra layer of account protection, verify app permissions, secure devices with a password and not leave them unattended in public places.