11-22-2018 , 12:06 PM
Quote:At least a dozen mobile apps with no legitimate functionality made it into Google Play and have been installed over half a million times. They would silently install another app and trick the user into approving its installation.
The end game is to make money from pushing unsolicited advertisements to the user when they unlock the device.
The real app downloads in the background
Malware researcher Lukas Stefanko of ESET found 13 fraudulent apps that shared the same behavior and published under the developer name Luis O Pinto.
Posing as games, the apps would remove their icon from the screen immediately after installation and start to download another app in the background from a hardcoded address.
Although slipping in the new package is done covertly, adding it to the system requires explicit consent from the user. This is where the missing icon of the initial game may play a part because it could make the user believe that the installation failed and restarted, prompting them to approve the action.
During his analysis, Stefanko found that the name of the downloaded package was Game Center; it would hide itself after launch and display ads when the device is unlocked.
https://www.bleepingcomputer.com/news/se...-installs/