The Play Store has long been a haven for malicious Android apps, and Google is always on the lookout, but hackers are now embedding malware in preinstalled apps that ship with a new device. We’ve had countless reports of malware-ridden apps this year alone, such as ones that rendered devices useless and innocent-looking ones containing malicious code that generated fake ad clicks for fraudulent revenue in the background while the app was not open, draining the battery and your data bundles while committing other privacy violations.
Google has increased scrutiny of the apps published on the Play Store to ensure they are free of malware, and it also uses its Play Protect feature to check sideloaded apps for harmful code. This has pushed threat actors to start embedding malware in preinstalled apps, especially on devices that use the Android Open Source Project (AOSP).
Here are the slides from my @BlackHatEvents talk on reversing Android pre-installed apps & case studies of pre-installed security issues! #BHUSA https://t.co/Zhf5gU8lhv pic.twitter.com/nK13eH88au
— Maddie Stone (@maddiestone) August 9, 2019
These revelations were made in Las Vegas during last week’s Black Hat security conference, where security researcher Maddie Stone, who works with Google’s Project Zero, warned attendees about the dangers of pre-installed apps.
“If malware or security issues come as preinstalled apps, then the damage it can do is greater, and that’s why we need so much reviewing, auditing, and analysis,” she said, adding that these attackers just have to convince one company to include their app in its devices.
Madison went on to point out that “The Android ecosystem is vast with a diversity of OEMs (smartphone companies) and customizations—if you are able to infiltrate the supply chain out of the box, then you already have as many infected users as how many devices they sell—that’s why it’s a scarier prospect.”
Chamois and Triad are some of the malware Maddie Stone mentioned that take part in ad fraud and install apps in the background.
There's been a lot of questions about the Android malware, Chamois, that I presented as one of the case studies at Blackhat. If you're interested in Chamois, I spoke in depth on it @TheSAScon in April.
Video: https://t.co/LgRo4LDRGQ
Slides: https://t.co/n2DpXPKrQs pic.twitter.com/1oDmuQ0hEP
— Maddie Stone (@maddiestone) August 12, 2019
The infected pre-installed apps stay under the radar: you can’t even see their icons in the app drawer.
Madison Stone assures users that Google scrutinized pre-installed Android apps from March 2018 to March this year. This has effectively reduced the number of devices with Chamois to 700,000 from 7.4 million.