Several brand new Android malware, phishing and adware applications recently made their way onto the Google Play store, fooling millions of unwitting users into installing them.

The applications were identified by Dr. Web antivirus and masqueraded as useful tools and system optimisers. However, they only caused performance issues, unwanted ads, and user experience deterioration for the more than two million users who downloaded them.

TubeBox available on Google Play

One application highlighted by Dr. Web has amassed more than one million downloads and is entitled TubeBox. The app promises cash rewards for users watching ads and videos but never pays out as promised. It presents several error messages to users when they try to redeem the rewards they have earned for viewings.

Even for those users who manage to complete the final step and action a withdrawal, no payment is ever forthcoming. Cybersecurity researchers state that every part of the application is simply a trick to attempt to keep users on the app for the longest duration possible, watching adverts and generating revenue for the app developers.

TubeBox was not the only malicious app of this kind recorded in recent months. Many other adware apps appeared on the Google Play Store in October but have now been successfully removed. These include:

  • Bluetooth & Wi-Fi & USB driver (100,000 downloads)
  • Fast Cleaner & Cooling Master (500 downloads)
  • Volume, Music Equalizer (50,000 downloads)

All of the above applications receive commands through Firebase Cloud Messaging and load the websites specified in those commands, generating fraudulent ad impressions on the infected devices.

The Fast Cleaner & Cooling Master app, which has a lower download volume, also lets remote operators configure an infected device for use as a proxy server. The proxy server then allows the threat operators to channel traffic of their own through the infected device or another device.

Investment scam applications targeting Russian users

Experts at Dr. Web antivirus also uncovered a set of applications featuring a dangerous loan scam. The malicious apps claimed to have a direct relationship with Russian-based investment groups and banks. Each loan scam app had about 10,000 downloads via the Google Play store.

These applications were promoted through a malicious advertising campaign run in other apps. Each ad promised users guaranteed profits from investment, but the apps were actually engineered to take the victims to dedicated phishing sites that harvested their personally identifiable information (PII).

How to protect yourself from fraudulent apps

Users seeking to protect themselves from any fraudulent applications available to buy through the Google Play store should always take the following basic steps:

  • Read through reviews for negative experiences
  • Scrutinise the privacy policy
  • If you remain suspicious, visit the developer’s website to further evaluate the app’s authenticity.

As a rule, it is always the best policy to keep the number of apps installed on a device to a minimum and to periodically check that Google's Play Protect feature is still active.