Yet Another Bunch of Malicious Apps Found on Google Play


In a recent blog entry we covered how scammers continue to publish malicious apps on Google Play and how the Android app market is struggling to keep itself clean.

In many cases it is difficult to quickly identify any malicious intent of applications and in-depth analysis is often required to be truly safe—a challenge for Google Play’s publishing process to prevent malicious apps from slipping through.

Symantec Security Response has discovered 14 applications, all published by the same developer, that allow the developer to create connections to any website of their choosing. The malicious component runs in the background as an Android service and communicates to a number of command-and-control servers that wait for developer instructions on how to build HTTP requests. The remote-control component accepts a broad number of options and may be well suited to generate revenue through abuse of pay-per-click services.

The following applications published on Google Play contain this malicious component:

  • com.cyworld.ncamera
  • com.kth.thbdvyPuddingCamera
  • com.tni.pgdnaaeTasKillerFull
  • com.greencod.wqbadtraffic
  • com.teamlava.nbsbubble
  • com.bestappshouse.vpiperoll2ages
  • com.ledong.hamusicbox
  • com.ktls.wlxscandandclear
  • org.woodroid.muhflbalarmlady
  • com.lxsj.rbaqiirdiylock
  • com.neaststudios.wnkvprocapture
  • com.gamempire.cqtetris

These infected applications are mostly in popular categories like games and accessories, such as a camera app for instance.

Symantec detects these apps as Android.Malapp and notified Google of their presence. The apps have been removed by Google. We recommend installing a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device. For general safety tips for smartphones and tablets, please visit our Mobile Security website.