Quick Heal Security Lab spotted 27 malicious apps of dropper category on official “Google Play Store”. These apps have been removed from Play Store after Quick Heal Security Lab reported it to Google last week. These apps continuously show installation prompt for fake “Google Play Store”. If any user falls prey to this trap and installs the fake “Google Play Store” app, then his device gets infected by an Adware. The parent apps launch dropped app without any user interaction. On launching, it displays some stored wallpaper and after that, it hides its icon. So user will not be able to identify easily which app is showing the advertisements.
The fake “Google Play Store” remains in device even after its parent app is uninstalled and it keeps on displaying full screen adds at random time intervals. These Apps were published by same developer with name “AFAD Drift Racer”. All these apps belong to free Car Racing Games category.
Fig 1: Malicious dropper apps from Google Play store
After installing and using any of the above apps, the app continuously show an installation prompt of fake Google Play Store. It states that you need to install Google Play Store for gaming purpose. If we cancel the installation prompt, then it shows the pop-up continuously until you install the app. Whereas, in reality, for gaming purpose Google Play Games is required. If any game is not supported by latest version of Google Play Games, then there is a pop-up to update “Google Play Games” and it redirects to play store. Google Play Games never download itself nor gives a pop-up for installation. If we cancel the installation prompt, then it shows the pop-up continuously until you install the app.
On executing the parent app, it launches the dropped app as shown in below image.
Fig.2: Launching dropped package
For making an illusion of genuine Google Play Store app, it uses the similar icon of Google Play Store. Sometimes, it is easy to distinguish between fake and real app based on the icon.
Fig.3: Dropped app package
After installing fake Google Play Store app, we can see it for few seconds and then it automatically hides its icon. The app keeps on running in background and shows full screen ads till you don’t uninstall it manually.
Showing aggressive ads and making money from them is monetization concept used by malware authors. In this case even if user is not using the app, still full screen ads are shown. This not only degrades user experience but also wastes his time.
Quick Heal Mobile Security detects these apps by detection name “Android.Dropper.F” and the dropped apps by detection name “Android.HiddenAd.A“.
Fig.4: Fake Google Play Store installation prompt and full-screen ads displayed after installation
Follow these steps to check whether a fake Google Play Store is installed on your phone.
This would change as per your Phone Manufacturer.
Fig 5: Fake Google Play Store
Fig 6: Fake and original Google Play Store in-app manager
Here is the list of malicious package names with MD5 removed from Play Store:
Package Name | MD5 |
com.cit.cliosport | 23f03560eafe72951b1d8a2f955d5771 |
com.cit.veyron | cf4a803f3910f71e106ba23923091c5 |
com.cit.sls | 3720fe03b1f8122abd9c7c69fa906030 |
com.cit.dodgeram | cac14e53952c9f4b1600340106e4a398 |
com.cit.mustang | 3d23fb4a68cca7759e4d38bfa1ac710c |
com.cit.viper | 651964babc944f4f48ed6dba80848399 |
com.cit.m3 | 6f9d7eeec90ac88e6eaf65fbe75eec7c |
com.cit.p911 | 5659db7af3faecb4408462b769dc43df |
com.cit.mustang74 | 460043de1b5d79c55b7e6454e1ade753 |
com.cit.r8 | e68f5c1a0275bc9fb3308033ed19df2c |
com.cit.golf | cc6f569b5090369b46cf2643f8a14597 |
com.cit.gam | 9ce3a3fca7785b2bab5271fad1477940 |
com.cit.clio | 89077157bf3aab2013b9eb24dc6b40e2 |
com.cit.m3classic | a7ac94bc0e8de4402f2ffc94c6d8ff58 |
com.cit.supra | 7c15dd5f540a706c7094801f1a15874e |
com.cit.gt | 2351be406094279760df029811738945 |
com.cit.gallardo | b6f40433b44d8d3f7ae11638333ccf45 |
com.cit.cooper | 4a6171812af502131d71f7387b5a3245 |
com.cit.q7 | ca645d622bd26c6804cd21360d95e13c |
com.cit.mustang72 | 0a498c79835247005e1f422619372835 |
com.cit.skylinegtr | 3946517acd5532bf0d2d9efc81563142 |
com.cit.lancerevo | 92c64d6f77d235920e0a7751e6947924 |
How to stay safe from fake mobile apps
1. Check an app’s description before you download it.
2. Check the app developer’s name and their website. If the name sounds strange or odd, you have all the reasons to suspect it.
3. Go through the reviews and ratings of the app. But, note that these can also be faked.
4. Avoid downloading apps from third-party app stores.
5. Use a reliable mobile antivirus that can prevent fake and malicious apps from getting installed on your phone.
Google Play Store links for Malicious apps reported by QuickHeal
Note: These apps have been removed from Google Play Store by Google last week.
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.cliosport
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.veyron
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.sls
https[:]//play[.]google[.]com/apps/details?id=com.cit.dodgeram
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gt
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gallardo
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.mustang
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.supra
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.viper
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.m3
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.f500
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.p911
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.amarok
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.mustang72
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.mustang74
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.q7
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.m3classic
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gam
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.r8
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.skylinegtr
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.m3sport
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.golf
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.clio
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.gam
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.cooper
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.lancerevo
https[:]//play[.]google[.]com/store/apps/details?id=com.cit.hummer&hl=en
No Comments, Be The First!