SecneurX Threat Analysis
SecneurX Mobile Malware Advisory August 2022
Android users are constantly subjected to fraud by apps they installed from the Google Play Store. At SecneurX, we monitor the security of Android applications, identify those that are malicious, and report them to the Android security team for enforcement and, ultimately, removal from the Google Play Store.
This month, malware analysts at SecneurX identified 42 malicious apps that were live on the Google Play Store, with cumulative downloads of over 9 million. SecneurX makes a continuous effort to identify malicious apps; to date, 1000 such apps have been identified and the intelligence shared with the appropriate authorities for enforcement.
These are the top malware families that were identified as live on the Google Play Store in August 2022.
How it spread
How it succeeded
Joker malware is designed to steal SMS messages, contact lists, and device information, and to sign the victim up for premium wireless application protocol (WAP) services.
Joker malware evades Google security by frequently updating its payload-retrieval techniques and obfuscated source code.
Joker malware disguises itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators and wallpapers.
Hiddad is an ad-distributing malware targeting Android devices. It hides itself after installation and displays ads periodically.
Android.Hiddad spreads through the Google Play Store.
It disguises itself within common, legitimate apps. It hides itself by changing its icon to a default Android system icon.
Autolycos is a new Android malware family on the Google Play Store that secretly subscribes users to premium services.
Autolycos spreads through the Google Play Store. The Autolycos actor created numerous advertising campaigns on social media to promote their app to new users.
Autolycos is a malware that performs stealthy malicious behavior, such as executing URLs on a remote browser and then including the result in HTTP requests instead of using WebView.
Remove these apps if they are installed on your Android mobile devices, as they have been identified as malicious.
Translate Anywhere (com.aque.tranlation)
Input Emoji Keyboard (com.input.kika.keyboard.emoji)
Icons Widgets (app.magic.icons.widgets)
Cute Keyboard (com.cutedom.ctkeyboard)
Best Blood Pressure (com.southeastz.bestbloodpressure)
Fire Messages (com.sergeantz.app.fire.messages)
Burn Photo Blender (com.burn.photo.bls)
My Message (com.mysms.easy)
Color Wallpaper Messages (com.reacolor.clw.messages)
SScan: QR & Barcode (com.sscanqrandbarcode.app)
XKeyboard: Neon Themes (com.xkeyboardneonthemes.app)
InCall: Personalization (com.incallpersonalization.app)
Xbuttons: Keyboard Themes (com.xbuttonskeyboardthemes.app)
Jokefun Video (com.oppqq.funnyvideos)
Pocket Theme - Icons & Widgets (com.pockettheme.shortcut)
NeoKey: Special Themes (com.neokeyspecialthemes.app)
YourKey: Bright Keyboard (com.yourkeybrightkeyboard.app)
Privacy Gallery - Collage (com.gallery.photo.collages)
LED Edge Lighting (com.dynamic.ledlight)
FunnyFont: Color keyboard (com.funnyfontcolorkeyboard.app)
HD Video Download (com.dada.wecanbi)
WoWCall: Fancy Screen (com.wowcallfancyscreen.app)
NeonStyle: Flash Keyboard (com.neonstyleflashkeyboard.app)
ALL Scanner Keyboard (com.tickt.scanner.ikeyboard)
Heart Live Wallpaper (artwallpaper.heart.glitter)
Hi Chat Message (com.mmsi.chat.sayme)
Heart Checker (com.whollyz.app.heart.checker)
Fonts Emojis Keyboard (org.change.font.nankeyboard)
Hybrid Photo Editor (com.wand.hybridphoto)
Art Painting (com.desk.art.painting)
Cosy Message (com.cosying.freejuanjuan)
Face Emoji Maker (com.mindface.stickercreator.desigyourself.quickmaker)
Super Charge: Battery status (com.superchargebatterystatus.app)
Useful keyboard (com.onrminshow.usefulemojikeyboard)
HDR Camera (com.hdr.camera.filter.snap)
Real Message (com.message.real)
Theme Keyboard (com.ledthemes.thkeyboard)
4D Screen: Wallpapers (com.screend4walllpapeers.app)
4D Wallpapers: Live Screen (com.d4wallpaperslivesscreen.app)
Natural Wallpaper - 4K & HD (gb.crazyseventyquick.twoaccesso)
4K Wallpapers - 3D Background (gb.corroboratedslow.seventystudio)
We strongly recommend that Android users check their devices for any of the apps listed above and, if any are installed, fully uninstall them using the app manager. SecneurX advises Android users not to install apps from third-party stores and to scan their devices periodically with Google Play Protect. Users should be cautious and not grant an app permissions that are not needed for its regular operation. Another important step in identifying malicious apps is to periodically check the reviews of apps in the Google Play Store before and after installing them. This way, users can stay on top of malicious apps.
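The device check recommended above can be scripted. The following is an added example, not SecneurX code: it parses advisory lines of the form "App Name (package.id)" and compares them, by exact package id, with the output of `adb shell pm list packages`. The function names, the three-entry sample and the device output are assumptions constructed for illustration.

```python
import re

# Advisory entries have the form "App Name (package.id)".
ENTRY_RE = re.compile(r"^\s*(?P<name>.+?)\s*\((?P<pkg>[A-Za-z]\w*(?:\.\w+)+)\)\s*$")

def parse_advisory(text):
    """Map package id -> app name for every 'Name (package.id)' line."""
    flagged = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            flagged[m.group("pkg")] = m.group("name")
    return flagged

def parse_pm_list(output):
    """Extract package ids from `pm list packages` output ('package:<id>' lines)."""
    installed = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            installed.add(line[len("package:"):])
    return installed

def find_flagged(advisory_text, pm_output):
    """Return sorted (package, name) pairs that are both flagged and installed.
    Matching is exact, so 'com.message.real' does not hit 'com.message.realtime'."""
    flagged = parse_advisory(advisory_text)
    installed = parse_pm_list(pm_output)
    return sorted((pkg, flagged[pkg]) for pkg in flagged.keys() & installed)

# Three entries copied from the advisory list; paste the full list here in practice.
ADVISORY_SAMPLE = """\
SScan: QR & Barcode (com.sscanqrandbarcode.app)
Real Message (com.message.real)
Pocket Theme - Icons & Widgets (com.pockettheme.shortcut)
"""

# Constructed `adb shell pm list packages` output for a hypothetical device.
PM_OUTPUT_SAMPLE = """\
package:com.android.settings
package:com.message.realtime
package:com.sscanqrandbarcode.app
package:com.pockettheme.shortcut
"""

if __name__ == "__main__":
    for pkg, name in find_flagged(ADVISORY_SAMPLE, PM_OUTPUT_SAMPLE):
        print(f"FLAGGED: {name} ({pkg}) -> uninstall via the app manager")
```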
Founded in 2018, SecneurX is an India-based, cyber threat intelligence-driven company whose suite of products is designed to boost organisations’ confidence in their cyber security posture. It supports its customers with its home-grown technology and the latest global threat intelligence, enabling them to build a proactive cyber defense against targeted and complex threats with a 360-degree view of the tactics, techniques & procedures used by threat actors. Threat Intelligence Feeds, Malware Analysis (Sandbox), and a Breach & Attack Simulation platform are part of its product portfolio and are available for SaaS, On-premises, Private & Public Cloud deployments. The products are truly a viable alternative to existing global options for enterprises, service providers, and security vendors.