Google Play Store removes more than a dozen malicious Android utility apps

Security researchers helped remove 19 Google Play Store apps that installed rare rooting malware to take control of the smartphone. Discovered by Lookout cybersecurity researchers, the malware, dubbed AbstractEmu, rooted an infected Android device to perform various malicious activities, including monitoring notifications, capturing screenshots, recording the screen, and even resetting the device's password or locking it entirely. "By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware, steps that would normally require user interaction," the researchers note. The infected apps disguised themselves as utility apps, such as password managers, data savers and app launchers, and were fully functional. Of the 19 apps removed, the researchers say seven had rooting capabilities, and one had more than 10,000 downloads.

Rare, but deadly

The researchers say that while rooting malware has all but disappeared in the past five years, AbstractEmu is proof that it is not dead yet. The researchers were also struck by the measures the malware takes to avoid detection, through the use of code abstraction and anti-emulation checks. Once on a device, AbstractEmu uses one of five exploits for older Android vulnerabilities to root the device and take it over. After taking control, it collects all kinds of data on the device, sends it to a remote server and waits to receive additional payloads. "At the time of discovery, the threat actor behind AbstractEmu had already disabled the endpoints needed to get that extra C2 payload, preventing us from learning the ultimate goal of the attackers," the researchers conclude.