Avoid Persisting These Applications on Your Device after Google Play Store Removal
Rewriten Article:
Play Store Woes: Are Your Android Devices Safe?
It seems Google's fortress isn't as impenetrable as we thought. This month, a barrage of shady apps has slipped past Play Store's defenses, prompting deletions of hundreds by Google. But with advice circulating to trust Play Store over sideloading, this debacle is causing quite a stir, to say the least.
Make no mistake — these threats are nothing to trifle with.
Two weeks ago, I issued a heads up about a dangerous new campaign exploiting Play Store for a massive scale attack on Android phones. Integral Ad Science (IAS) dubbed this menace "Vapor," due to its uncanny ability to strip apps of their authentic functionality, leaving devices essentially crippled.
IAS flagged 180 menacing apps with a whopping 56 million downloads. Yet, the danger runs deeper than that. Bitdefender has just reported that while "IAS Threat Lab uncovered a piece of this menace," the campaign boasts at least 331 apps — amassing yet another 60 million downloads. Shockingly, despite Google deleting most of these apps, 15 were still active when Bitdefender wrapped up their research.
Attackers have proved to beespecially sly by hiding the apps' icons from the launcher, a tactic only effective on newer Android versions. Beyond generating fraudulent ads, some apps have attempted to pilfer user credentials and credit card data via phishing attacks.
It's unclear whether this is the work of a single threat actor or a malware toolkit leased or rented to various groups, relying on the same malware. However, the success of this operation, according to Bitdefender, "is one of the primary reasons why it's not advisable to solely trust the protection provided by default on Android devices and the Google Play Store."
The hijacked apps in IAS's report share a recurring theme of trivial functionalities, enticing users into a casual, free install from Play Store. Bitdefender echoes this, warning that many of the apps in question were "QR scanners, expense trackers, health apps, and wallpaper apps." Other culprits include document converters, PDF readers, horoscopes, and flashlights — yes, even flashlights.
"Vapor Apps continually bombard users with intrusive, full-screen ads that render them unable to interact with or even uninstall the apps," Scott Pierce, head of fraud protection at IAS, explained to me. "The current strain of Vapor is now well understood by IAS, provided the characteristics of these apps. We greatly appreciate the collaboration of our partners at Google in promptly addressing this issue. Google Play Protect will now warn users and automatically disable these apps."
In response to IAS's report, Google confirmed, "if we find apps that violate our policies, we take appropriate action. We have removed all of the identified apps in this report from Google Play. Android users are also automatically protected from associated apps known to exhibit such behavior by Google Play Protect, which is active by default on Android devices with Google Play Services. Google Play Protect will warn users and automatically disable these apps, even when apps originate from sources outside of Play."
Despite Google's prompt action, it's crucial not to rely on their removal from the store only. Eliminate the apps flagged by Bitdefender and any other free, insignificant apps you've installed but no longer need. Ensure Play Protect is enabled and be wary of disabling it to enable an app to install. Most importantly, steer clear of downloading these kinds of free apps.
Sources:
- Threatpost
- Bitdefender
- Integral Ad Science (IAS)
- KrebsOnSecurity
- The dangerous new campaign exploiting Play Store, known as "Vapor," has shown that default Android device protection and Google Play Store may not be sufficient, according to Bitdefender.
- Though Google has deleted most of the apps associated with "Vapor," there are still active instances, highlighting the need for users to be cautious and remove any flagged apps, even if they do not originate from the Play Store.
- The apps involved in the "Vapor" campaign, such as QR scanners, expense trackers, and even flashlights, should be avoided as they can lead to intrusive ads, phishing attacks, and potential device crippling due to another round of sideloading.
