App masquerading as the Play Store – 12/05/18
An app called Google Play Marketplace has been found in the Google Play Store looking very much like the Play Store app. Unfortunately it is actually a nasty piece of malware that steals banking credentials, tracks your location, steals data, memorizes key strokes and a whole bunch more. Like I said, it’s nasty.
Not only is this app nasty, it is also annoying. It asks for permissions to phone settings repeatedly until you finally give in. When you do, you hand over control of your device to the hackers. To add insult to injury the app asks for payment to allow access to Google Services and locks your phone until payment information is entered. Once you are allowed to use your phone again, anytime your try to browse to a website you are redirected to one that is malicious.
The only way to get rid of the malware and regain control over your phone is to perform a factory reset and wipe it clean. However by that time the hackers already have everything they want.
The scariest part of this story, is researchers found the word “test” adjacent to many of the malware’s lines of code. That means that this is just version one. Although the Google Play Marketplace app containing this malware has been removed from the Play Store, there is clearly a plan to release it again in another app. What that will look like is anyone’s guess.
Remember to read reviews and look for large numbers of downloads before you download an app. If you download one that repeatedly asks for permissions that it doesn’t need or asks for payment to access Google services, uninstall it immediately. If the problem persists, perform a factory reset.