Who is building botnet with fake apps on Google Play?

Trend Micro cyber security experts have discovered apps, posing as legitimate voice messenger platforms, with suspicious automated functions. Cybercriminals could use them to launch cyber attacks.

Is anyone building a botnet with fake apps on Google Play? Trend Micro cyber security researchers discovered several uploaded apps, posing as legitimate voice messenger platforms, with suspicious automated functions such as automatic pop-ups of fake surveys and fraudulent ad clicks. Observed variants of these malicious apps and malware have been deployed since October, with their evolution including evasive techniques and their infection behavior divided into several stages. A cybercrime group may be in the process of adding more features and updates for future malicious activities such as botnet attacks. Infection numbers at the moment are not yet critical, but the increase in uploads and user downloads for the remaining live apps calls for continued observation due to their rapid development and distribution in the mobile ecosystem.

Trend Micro’s cyber security experts took one of the apps as an example to show their common behaviors. All the analyzed samples have similar coding and behavior, “which make us suspect that the cyber criminals are working on additional modules and will deploy more malicious apps,” they reported on the company’s blog. “Uploaded on Google Play, the app (detected as AndroidOS_FraudBot.OPS) tries to be subtle by using lightweight modular downloaders to compromise unknowing users’ gadgets. While the published uploaders of these apps are different, we suspect that the apps came from the same authors since the codes are similar to each other. Once downloaded, the first component connects with the C&C server, then decrypts and executes the payload”. Furthermore, it displays “fake survey forms to collect users’ personally identifiable information (PII) in exchange for gift cards”.

The Trend Micro analysis on this new cyber threat
