22nd January 2019

GooglePlay Security (Monthly Recap, Jan. 2019)

1. Summary

This month, we evaluated apps on GooglePlay. We collected 10,029 apps from the China, America, Russia and Turkey regions. Among these apps, we found 22 in total that are malware or grayware (termed PHA by Google). They are:

(GooglePlay has removed some of these apps, but all of them can be accessed via Janus)

2. Interesting Findings

1. Most of the PHAs are adware.

2. Tricky SMS fraud apps use a variety of techniques to bypass the vetting process of GooglePlay, e.g., e9a2786a318968184fabdc21244dae7ef1058de9 sends SMS under the control of a C&C server, and dfb182f6d277acc54a63a629794e4e2cba42dabc sends SMS if it is launched via an ad network.

3. “You are the winner, but you should pay for the delivery in advance”. This fraud story from the web is now migrating to apps, and 2ea95471a4f490b12afa138ab1ffe228a528d112, which targets Russian users, is an instance.

4. End users are enticed to pay, and only afterwards find that they have been fooled. 5e7322607a7d0575d4bee48115aaec4c700a9274 is such a case.


3. About Us

In 2014, Pangu Team (@panguteam) founded PWNZEN InfoTech Co., LTD, a startup company in Shanghai, China, and expanded its research team into the Pangu Lab, with more general research interests ranging from iOS jailbreaking to IoT security, app security auditing, Android security, etc.