New Android Malware Found in 144 Google Play apps [source: gbhackers]
by CIRT Team
A new Android malware called “Grabos” has been found in 144 Google Play apps, and it is regarded as a case of mass malware distribution on the Play Store, given the huge number of apps involved.
It is no longer a surprise to see a malicious app in the Google Play store; attackers continue to get past Google's safety checks, and their apps also earn high ratings.
The malware was named Grabos, and the activity was first discovered in the free Android music application “Aristotle Music audio player 2017”.
Most of the apps were uploaded in August and October. In a short span they were downloaded by between 4.2 million and 17.4 million users and held an average rating of 4.4.
How Grabos Evades Google Play security
Grabos uses a commercial obfuscator, which makes static analysis difficult; even dynamic analysis is difficult without knowing what the app is checking.
Researchers decompiled the APK and proceeded with the analysis. They found Grabos injected into file explorer and music player applications. Each time the application is started, it checks whether any of the following settings is not true and then decides whether to launch the app with the legitimate functionality or the fake one.
“Fake” vs “real” app flow. “BL” stands for “blacklisted.”
- isOnline: Checks if the device has Internet connectivity
- getIsBlacklisted: Checks if the Android debug bridge (adb) and development settings are enabled or if the device is in an emulator. If the latter is the case, the device is blacklisted and the “fake” app is launched.
- getIsForcedBlacklisted: Flag set by the control server.