Anatsa Android malware downloaded 150,000 times via Google Play

[SamReomo]

Not just algorithms for automatic approving, malware detection should be given as better, manually checking the codes should be strict, since it's required when you as a developer trying to list your app in PS for first version upload and in every update. Although they are more strict now than before but still got bypassed by malicious actors/users.

It's first time I'm hearing that, is it strange that all programmers need to share their code to Google in order to get their application listed on their store? Are you sure about what you said? I mean highly reputed vendors may hesitate to share their code to Google or anyone else because sharing of that code may allow others to easily make similar applications with less effort.

Since you said that then I guess in that case malware developers might share fake code first which's free from malware and when they compile the application then they may include the malware in it. Google might think that the applications source code was free from malware and the actual compiled APK might also be free from all such malware.

[PX-Z]

It's first time I'm hearing that, is it strange that all programmers need to share their code to Google in order to get their application listed on their store? Are you sure about what you said? I mean highly reputed vendors may hesitate to share their code to Google or anyone else because sharing of that code may allow others to easily make similar applications with less effort.

Since you said that then I guess in that case malware developers might share fake code first which's free from malware and when they compile the application then they may include the malware in it. Google might think that the applications source code was free from malware and the actual compiled APK might also be free from all such malware.

It's not actually the whole source code, it's the app bundle where everything is there for them to see, also apk file can be decompiled using certain tools to see the source code of the app. Although we are not certain the internal process of how they scan and accept the developer's app, probably someone tests it. Because Google asks different questions that can be seen inside your app when you first upload the first version of the app. But after this process they become too lenient in some way, this was way back 2020 when im working as mobile frontdev. Idk how the process in still going after they "update" their policy etc.

[tabas]

Phone Cleaner - File Explorer (com.volabs.androidcleaner)
Phone Cleaner: File Explorer (com.appiclouds.phonecleaner)

Do people really download these? AFAIK, most android phones have their built in cleaners and there's no need to download one. There's also the defragmentation which is enough to adjust and prolly clean some from the storage. I do understand if people are downloading pdf readers and viewers but the manufacturers should start to have them built in or most of them probably have because I can read PDF files without having the need to download these apps. It's what people need to do, explore their own smartphones without having the need to download anything since the feature they need was already built in on their phones.

These two apps might be installed by those who usually have that feeling that something is eating up their storage and they may be thinking this app may be helpful to them, while though most of newer Android phones comes with this apps default but not everyone may like the UI or UX of such apps in the device and so will try to download app offering such service.

I know that there are those users that don't mind downloading these apps and they don't have an idea that these contains the obvious malware or something that's going to make their smartphones even slower. I remember that there were people that even download "additional ram" on their phone through playstore and that's funny though but it is for real. They think that these apps really are going to make their phones perform better and these hackers are able to inject these malware on these apps that they develop.

[Sandra_hakeem]

It's very appalling that android users don't know most of this viral malwares and it's right beneath Their nose...
I'm not gonna put too much blame on them as they wouldn't indulge in downloading them apps in the first place, should they know what it is - but GOOGLE play store?? What's their fuckin problem?... Yeah, they've added a tap-in button that can flag some apps as inappropriate - but what if this happened already without their notice? 150,000 times? ain't no way!! This people must solely be after the money they make.

Sandra 🧑‍🦰

[lixer]

That's one of the reasons why I don't use Android. This is not the first time that malware or spyware packaged in a harmless app has been included in the Appstore. This has never happened with Apple. Even though many crypto apps encrypt the stored keys, I would never take the risk of running a wallet or other crypto apps on Android.

Let's not make this another debate about Apple vs Android and the ever-lasting rivalry between the two brands because whether it's Apple or Android, things like these can happen in both of them, I believe the reason why they mostly target Android is because they know it has a higher user base and it also allows more freedom for the users when it comes to installing applications and software and giving access to them.

I know it's a flaw and they need to work on it, but I don't agree that the same can't be done on Apple because hackers and exploiters can always find a way to do the same with Apple as well but they know they are going to get more people to target with Android so they probably keep it their primary target.

[Cricktor]

There's a significant difference between Apple and Android here: to be able to publish apps on Apple's app store you need a paid account that adds cost for evil entities and a credit card. A Google developer account to publish apps on Google Play Store is for free as far as I remember.

Once your malicious apps have been detected you can bet Apple will suspend or cancel your dev account, of course without any reimbursement. I'm not sure though if this is a key reason that malware seems to appear less in Apple's app store which isn't immune to malware.

[jrrsparkles]

That's one of the reasons why I don't use Android. This is not the first time that malware or spyware packaged in a harmless app has been included in the Appstore. This has never happened with Apple. Even though many crypto apps encrypt the stored keys, I would never take the risk of running a wallet or other crypto apps on Android.

Well App store have same situation too but the number of occurrences may differ but you can't say that it never happened on IOS app store cause it happens there too.

If you are running a crypto wallet on a smartphone then try to keep it as stock, installing more apps can do harms like this and at last use the apps that's known for years, not because it's in the top rank in your region/country.

[Cricktor]

An app that's known for years is no guarantee to stay clean. There's always the possibility that an app gets entirely sold to some new owner who has some nefarious plans with it. A significant user base is attractive to evil entities. After being sold the new owner continues at first to maintain the app, maybe even introduce new features or gimmicks.

Then what if the app turns slowly but hidden evil with some updates that the user base happily installs or is installed automatically. Disguised payload dropper components are introduced, piece by piece.

I didn't keep track of sources, but this has happened in the past. If I remember correctly there was some QR code reader app that became evil. There are surely more examples... (sorry, no sources for this; you don't have to believe, just use your imagination)