TROJAN IMITATES GOOGLE PLAY STORE TO FRAUDULENTLY BOOST ANDROID APPS
Security researchers have found a new Android Trojan that behaves “like a human” to get past protections on the Google Play Store.
Guerilla, which downloads and installs apps and leaves fake comments and ratings on the store, uses a rogue client application to fool Google’s anti-fraud technologies.
Its aim, as part of schemes known as Shuabang campaigns, is to boost legitimate apps by increasing their download rates and posting positive reviews on Google Play.
According to researchers at Kaspersky Lab, the apps used to achieve this do not usually steal users’ money or data, but can covertly download additional apps at the victim’s expense.
“Guerilla is not the first malicious app that tries to manipulate the Google Play Store, but it does it in a pretty sophisticated way that we haven’t seen before,” said Nikita Buchka, a security expert at Kaspersky Lab, commenting on the findings.
“The thinking behind this method is clear: Google can probably easily distinguish requests to Google Play that were made by robots – most of the Shuabang malware we know about just automatically sends out requests for the particular page of a particular app.
“This isn’t something that a real human would do, so it is easy for Google to see that the request is not really from an authorised user. The malware that searches an app before it goes to the app’s page is much harder to detect, as this is how most Google Play users behave.
“It is important to note, however, that this malware is only capable of abusing Google Play mechanisms from rooted devices, which again reminds us of how important it is to avoid using rooted Android smartphones and tablets.”
Security experts regularly issue warnings to Android users over rogue apps.
In the run-up to the release of the popular Prisma photo editing app, a series of malicious impostors designed to fool users were downloaded more than 1.5 million times.