13/01/2014 18:49:39 - How safe is really Google Play Store?
The CRAM (Anti-Malware Research Center of TG Soft) team has carried out a little study on the Android apps distribution platform by Google.
In order to perform a real-world protection test, we decided to connect on Google Play Store and download some of the most popular apps of the market. We have downloaded a total of 500 apps, of which 9 were found to be malicious. According to these number, then, 1.8% of the apps on Google Play are actually malicious.
Of course, this study should definitely not be considered complete. Indeed, the dataset studied is rather too small to asses the overall safety of Google Play Store. However, it can give a rough idea.
Browsing the Google Play Store, the Trojanized app pretends to be a basketball videogame.
However, when you download it, the Trojan will be installed as: "Google Play".
If we launch it, the malware will open the Google Play Store page of Facebook. However, in background, it will start to connect to several web pages at the unbeknownst of the user. Some of these websites are:
Where pid, siteid and spaceid are differents IDs while mdocwill contain the actual URL that will be opened, such as:
All the apps have been all reported to Google. Hopefully, Google will proceed to remove these malware from the market soon.
Mobile Developer & Malware Analyst
CRAM (Anti-Malware Research Center) by TG Soft S.a.s.
Any information published on our website can be used and posted on other websites, blogs, forums, facebook and/or in any other form both on paper and electronically so long as you always cited source explicitly "Fonte: C.R.A.M. by TG Soft www.tgsoft.it"
TG Soft S.a.s. - via Pitagora 11/B, 35030 Rubàno (PD), ITALY - C.F. e P.IVA 03296130283