The Google Play Store makes it very easy for developers to market their apps quickly without too much review. That said many developers can sneak malware into apps and publish them to the Android Market leaving the true security in the hands of users reviews and download numbers. In this case there were 13 popular apps that had it not been for the malware creating the popularity may have never been noticed. Thus the apps have been banned.
The apps found guilty were fully functional apps that on the surface seem completely legit and even a little fun. In the background these apps are sneaky and can go so far as leaving positive reviews and ratings without your knowledge. After its done the malware would install another app and run through the process again.
If that wasn’t bad enough some of the apps could even detect if a device is rooted and give itself root access. The reason for the app wanting root access is to allow it to survive even after a factory reset is done on the device when the user tries to clean up the device if the malware is found. It seems Lookout found an app with this security breach and said “Specifically, it attempts to detect if a device is rooted, and if so, copies several files to the /system partition in an effort to ensure persistence, even after a complete factory reset.”
While this is not as rampant in the Google Play Store it is quite common for apps to not only look for root access but also auto-root devices to get the access. Several of these malware groups or families are known as Shedun, Shaunet and Shiftybug and are generally found in third party app markets and not Google Play.
Before the apps were found and removed from the Play Store they had already reached millions of devices and had been labeled as popular. Of course we now know this was due to the malware and not true user reviews.
What 13 apps contain the malicious malware?
While there is no easy way to remove the threat you will want to know if you have installed the apps so you can take actions or just chalk one up to luck. The games that are showing malware that you need to be aware of are:
- Cake Blast
- Tiny Puzzle
- Jump Planet
- Ninja Hook
- Piggy Jump
- Just Fire
- Honey Comb
- Crazy Block
- Eat Bubble
- Hit Planet
- Crazy Jelly
- Cake Tower
- Drag Box
How to Remove Malware these apps have installed
Not to be the bearer of bad news but the only way we know of at this point is installing Root Explorer and start the scavenger hunt for suspected files. You will need to know what you are looking for so if your not an Expert Android user or even a developer you may want to just flash a whole new image to start completely over. Of course finding and flashing the factory image to your device is a guaranteed way of starting clean. There are many guides out there on how to do this and in most cases its rather easy for even the most Novice of Android users.