Twenty-nine Android applications found on Google Play were malicious, Symantec officials said.
The malware, called Android.Dougalek and found in the former Android Market (now called Google Play), pretends to be popular games or game-related videos.
First discovered in February, the malicious elements were recipe apps, diet assistant apps, content management apps, and even adult apps. The same cyber criminals launched another series of malicious programs at the end of March, the names of which all end in “the Movie,” Symantec officials said.
Experts said at least 70,000 users may have installed the pieces of software, but the true number of victims may be as high as 300,000.
Initial analysis of the malware-laden applications shows they mainly target Japanese Android users. It is also likely that those who started this campaign are the same cyber criminals who spread the malware known as Android.Oneclickfraud.
Once installed, the apps request the rights to access personal data and the phone’s identity. In the foreground, they appear to connect to an external server from which they download the promised videos; in reality, they gather information and send it back to the server.
Because “the Movie” programs collect data such as names, phone numbers and email addresses from the infected device, this campaign is most likely designed to gather information for future malicious operations.
In addition, once installed, the shady apps show up on the Android device under a different name than the one presented on Google Play.
Google has removed the applications from the Play site, and the Tokyo Metropolitan Police Department is looking into the issue. In the meantime, users should be on the lookout for similar threats that may hide among the legitimate pieces of software hosted on legitimate Android app markets.