From time to time we discover new malware infiltrations on Google Play, but the truth is that these undesirable apps sneak into all app stores. A month ago we learned of a Trojan that had infiltrated Huawei App Gallery, and now it is the turn of Samsung’s application store, the Galaxy Store.
This time the report does not come from a team of antivirus analysts, but from Max Weinbach of Android Police, who reported on Twitter that he had downloaded several apps from the Galaxy Store that Google Play Protect detected as malicious as soon as he tried to install them on the device.
Play Protect fighting with Galaxy Store
Samsung phones ship with two application stores installed: Google’s and Samsung’s. The first integrates Play Protect, the Android antivirus; the second does not, but Play Protect still runs every time you install a new application on your phone, even from another store.
It is precisely Google’s Play Protect that has brought to light that applications recently downloaded from the Galaxy Store were detected as malware. Before the application is installed on the system, a warning is displayed stating that it may be malicious.
Max Weinbach says that this has happened to him with at least five applications in a row, all of them supposed clones of a content-viewing application that has been missing for a long time. If you ignore the warning and decide to install the app anyway, the first thing it does is ask for access to the call log, which is never a good sign. An analysis of the APK file of one of these applications in VirusTotal returns several detections, in most cases classified as Clicker, generic Trojan, or simply suspicious because it allows remote code execution, a technique malicious applications commonly use to evade detection when the file is uploaded to an app store.
We draw two conclusions from this news. The first, that malware seems to be winning the arms race against the protection services present in all Android application stores. The second, that it is highly recommended to keep Play Protect activated, even though it is not infallible, as well as to avoid downloading apps of dubious origin and legality.
Post Credit: Android Police