Google has removed 13 Android apps from the Google Play after it was notified by security researchers that these apps made unauthorised downloads to the Android devices. The apps attempt to get root privileges, and when given, copy several device files to the system partition, leaving them untouched even after a factory reset.
The apps that have been removed include Cake Blast, Jump Planet, Honey Comb, Crazy Block, Crazy Jelly, Tiny Puzzle, Ninja Hook, Piggy Jump, Just Fire, Eat Bubble, Hit Planet, Cake Tower, and Drag Box.
The malicious apps were spotted by a security researcher named Chris Dehghanpoor from Lookout, a mobile security provider. He said Honeycomb, one of the 13 apps removed by Google, showed around a million downloads. The researcher said the apps besides boasting high download numbers, automatically gave positive app reviews on Google Play without user permission to further boost the downloads.
According to Dehghanpoor, the best way to remove the malware is to re-flash a ROM supplied by the device's manufacturer, since the malware can survive the factory reset process. The apps are claimed to be written by developers behind the Brain Test malware family.
"It seems likely that over 2-3 months, the malware authors used different names, games, and techniques to see what app they could publish in Play while flying under the radar," says the researcher.
In November last year a similar malware family dubbed Shedun was reported to affect Android devices. The Android malware was found to download unwanted apps as well as exploit a vulnerability in Android that made it possible for the malware to find alternative ways to interact with the infected device. The culprits behind it are said to have likely partnered with clients to guarantee them 100 percent ad display and installation.
The security firm expects to see more such malware in future. The state of security on Google's Android platform continues to remain alarming.