Malicious applications were found in the online store; the malware was delivered through a secondary app installed after the initial download
Security researchers from antivirus firm Symantec identified two malicious applications on Google Play that used a multi-stage delivery system so that they would not be easily identified.
The apps, which have been removed by Google, were disguised as games: “Super Mario Brothers” and “GTA 3 – Moscow city.” “Both were placed on Google Play on June 24 and started to generate an average of 50,000 and 100,000 downloads,” said a security researcher at Symantec. Once installed, the applications downloaded an additional package called “Activator.apk” from a Dropbox account and asked the owners of the phones to install it.
The fact that the malware was delivered across multiple applications may be the reason the apps stayed on Google Play for so long without being identified. Earlier this year, Google began using an automated scanning system called Bouncer to detect malware on Google Play. Bouncer emulates an Android environment and runs all published applications, monitoring for suspicious activity. However, downloading a secondary app from a server and asking the user to install it does not, by itself, mean that an app is malware.
This is not the first time crackers have used multiple applications to deliver malware. Android.Lightdd and Android.Jsmshider, discovered in 2011, downloaded additional components after the initial installation. There are a number of advantages to using this scheme to spread viruses. First, the initial, non-malicious app need not display an extensive list of permissions that could make users suspicious. Second, if the initial app is downloaded from the official Android store, Google Play, users are more likely to assume that the additional application also came from the same source.
Symantec has identified the two new pieces of malware as Android.Dropdialer. According to sources, the Android security team immediately removed the threat after being notified by the antivirus company.