Researchers discovered eight malicious Android apps that were spreading a new data-stealing malware strain that also signs victims up for expensive premium services. The malware, dubbed Haken malware, was found mostly in camera utilities and children’s games in the Google Play marketplace.
The eight apps in question, which had collectively been downloaded 50,000 times, have since been removed. The apps functioned as advertised in the app description, performed an array of malicious functions behind the scenes.
The Haken malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services.
Haken has been deemed “clicker” malware, meaning that it mimics the user and is able to click on anything that appears on the device’s screen. This allows the malware to impact the victim in two primary ways. First, the downloaded apps are able to sign users up for subscription services, costing them money. Second, the malware has the ability to access sensitive information on the mobile screen, including work emails and messaging app conversations.
“Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns,” said researchers with Check Point Research.
After downloaded, Haken communicates with a remote server and asks for permissions that the actual downloaded app doesn’t require in order to function. It then injects code into advertising monetization platforms for Facebook and Google, which would allow attackers access to the credit cards tied to these accounts.
The impacted apps are:
Sam Bakken, Senior Product Marketing Manager, at OneSpan says: “The Google Play Store is no stranger to malicious threats. Providers of mobile apps are challenged to ensure that their apps are secure.”
Secure Your Organization’s Mind with Securemind.se