https://arstechnica.com/information-technology/2018/12/google-play-ejects-22-backdoored-apps-with-2-million-downloads/
By Dan Goodin
Ars Technica
December 6, 2018
Almost two dozen apps with more than 2 million downloads have been removed
from the Google Play market after researchers found they contained a
device-draining backdoor that allowed them to surreptitiously download
files from an attacker-controlled server.
The 22 rogue titles included Sparkle Flashlight, a flashlight app that had
been downloaded more than 1 million times since it entered Google Play
sometime in 2016 or 2017, antivirus provider Sophos said in a blog post
published Thursday. Beginning around March of this year, Sparkle
Flashlight and two other apps were updated to add the secret downloader.
The remaining 19 apps became available after June and contained the
downloader from the start.
"Serious harm"
By the time Google removed the apps in late November, they were being used
to click endlessly on fraudulent ads. "Andr/Clickr-ad," as Sophos has
dubbed the family of apps, automatically started and ran even after a user
force-closed them, functions that caused the apps to consume huge amounts
of bandwidth and drain batteries. In Thursday's post, Sophos researcher
Chen Yu wrote:
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
