That Android wallpaper app is actually signing you up for premium services

Tech Radar –

Researchers have discovered another batch of seemingly innocent Android apps that are actually designed to push malware onto the endpoints(opens in new tab), and rake up expenses to the unsuspecting victims. 

The latest batch included wallpaper apps, keyboards, photo editors, video editors, and an occasional cache cleaner or system maintenance apps, was discovered by the Dr. Web antivirus(opens in new tab) team, and have more than 10 million downloads between them.

Overall, 28 apps were found on the Google Play Store, having somehow managed to bypass Google’s strict security policies. 

Android apps hacked

As for the damages, the practice is more or less the same. Once installed, most apps will try to hide, changing their appearance in the app drawer to that of a system app. That way, they hope the users would be discouraged from uninstalling them. Then, the apps would push ads, and try to sign up the victim to various premium services, to rake up additional expenses.

None of this would have been possible if users wouldn’t give the apps the necessary permissions. Even though the apps are simple in design (and actually do what they’re advertised to do), they often ask the users for advanced permissions, such as the permission to be excluded from the battery saver feature, so that they can remain operational in the background even when terminated by the user – which itself is a major red flag.

Read More

Tech Radar