Malware returned to Google Play by simply changing the name

The Google Play Protect anti-virus system detects 99% of malicious applications before anyone uploads them to their device, but sometimes the algorithms fail. For example, Symantec specialists found in the store a bunch of malware that already appeared on Google Play.

What happened?

It was too easy to deceive artificial intelligence. According to the researchers, the attackers did not even modify the code - in order to undergo moderation, it was enough to change the names of packages and publish them on behalf of another publisher. In this case we are talking about the seven applications that were masked for emoji-additions for the keyboard, calculators, system cleaners, utilities for recording telephone conversations and so on. None of them fulfilled the declared function.

To increase your chances of success, when you requested administrator rights applications used icons of Google services. Having received the necessary permissions, the program did not do anything for four more hours, and only then began to display ads and send links to pages in the style of "you won a million dollars."

How to defend yourself?

In addition to downloading your antivirus (as without this) Symantec recommends that you download software only from trusted sources and make sure that Android applications do not require suspiciously many permissions. It is worth paying attention to the rating and the number of installations on Google Play, in addition, it will not be superfluous to periodically make backup copies of important data.

Google has not yet commented on the incident.

Source: Symantec
Photo by Lucas Zallio