Article 44FDK 22 apps with 2 million+ Google Play downloads had a malicious backdoor

22 apps with 2 million+ Google Play downloads had a malicious backdoor

by
Dan Goodin
from Ars Technica - All content on (#44FDK)
backdoor.jpg

(credit: Jeremy Brooks / Flickr)

Almost two dozen apps with more than 2 million downloads have been removed from the Google Play market after researchers found they contained a device-draining backdoor that allowed them to surreptitiously download files from an attacker-controlled server.

The 22 rogue titles included Sparkle Flashlight, a flashlight app that had been downloaded more than 1 million times since it entered Google Play sometime in 2016 or 2017, antivirus provider Sophos said in a blog post published Thursday. Beginning around March of this year, Sparkle Flashlight and two other apps were updated to add the secret downloader. The remaining 19 apps became available after June and contained the downloader from the start.

"Serious harm"

By the time Google removed the apps in late November, they were being used to click endlessly on fraudulent ads. "Andr/Clickr-ad," as Sophos has dubbed the family of apps, automatically started and ran even after a user force-closed them, functions that caused the apps to consume huge amounts of bandwidth and drain batteries. In Thursday's post, Sophos researcher Chen Yu wrote:

Read 9 remaining paragraphs | Comments

index?i=G7A0hDH2eKU:00FoBbmyLZ0:V_sGLiPB index?i=G7A0hDH2eKU:00FoBbmyLZ0:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments