Security researchers have discovered a set of malicious apps on the Google Play Store that are reappearing after being removed by simply changing their names. Malware identified as Android.Reputation.1, a Trojan first encountered in 2014, has been found in new iterations of at least seven apps on the Play Store after Google was previously alerted to them. Dean Ferrando, Systems Engineer Manager – EMEA at Tripwire commented below.
Dean Ferrando, Systems Engineer Manager – EMEA at Tripwire:
“With over 2 million apps in Google’s Play Store, it is inevitable that some malicious apps will creep through. Despite this, users should still trust the Play Store but by following some basic safety tips, they can help reduce the chances of downloading a rogue app.
Never ever grant administrator permission to any application without absolute trust for why it is needed. Android users should also pay attention to the permissions they are granting applications when they install them, even applications that advertise themselves as “mobile security” apps often have overzealous permissions, have access to and harvest personal data. Keeping the options enabled to only install apps from Google Play and to verify apps upon installation will also minimize exposure to such threats.”
