Google Play was recently found to be hosting a malicious app, “Guide for Pokémon Go”, that has been downloaded over 500,000 times so far and does more than just guide: it was also hacking Android devices at the same time.

According to Kaspersky Lab’s researchers, the app contains layer upon layer of obfuscation so that it passes undetected through Google Play’s malware detection mechanism. It is nasty enough to wait for another application to be installed or uninstalled on the device in order to determine whether the device is a suitable target. Once it decides that the device gets the green light, it waits another couple of hours before executing its module. It then connects to a remote server and transfers information and data about the device. The server, in return, might allow the download of exploits for native privilege escalation weaknesses. Called ‘root exploits’, they give access to Android’s highest-privileged profiles, and complete exploitation might lead to a hack of the device.

To compensate for the damage, or simply to deal with the situation, Google has released patches. But most devices could not receive the updates because of the fragmentation of the Android ecosystem. Such root exploits, however, can be successfully dealt with by Android’s protection features SafetyNet or Verify Apps. This app is not the only malicious app on the Google Play Store. Since the end of last year, Kaspersky has detected many such apps. One of them was downloaded over 100,000 times.

These occurrences are not common in the Google Play Store because of Google’s criteria for providing a safe environment for the user. But such slips show that even the most protected software and programs have flaws.


