Android New App Inspection Tool Finds 30,552 Malicious Apps on Google Play

[vissha]

New App Inspection Tool Finds 30,552 Malicious Apps on Google Play

127,429 suspicious apps found in 33 Android marketplaces

Security researchers have created a new app verification system that according to their own statements is much better at detecting malicious applications compared to the current app vetting systems used with various Android marketplaces around the globe.

Their research found over 127,429 suspicious applications, hosted in 33 Android app marketplaces. What is more worrying is that Google's Play Store was in the report, with 30,552 malicious apps detected, representing 7.61% of its total of 401,549 hosted applications.

"We implemented MassVet over a stream processing engine and evaluated it over 1.2 million apps from 33 app markets around the world," say the researchers.

According to their findings, MassVet not only can scan an app in less than 10 seconds but also "outperformed all 54 scanners in VirusTotal in terms of detection coverage," finding 34,026 new malicious apps.

From over the 125,000 suspicious apps it detected, the researchers also found "20 likely zero-day malware," each installed over one million times.

MassVet comes with a new approach to app checking

Compared to Google's Bouncer service and all the similar app vetting systems used by other app marketplaces, MassVet does not analyze app source code and its operations in a simulated environment.

How MassVet works is by comparing an application to other similar apps on the marketplace or its database.

By doing this it identifies possible cases of repackaging, a technique used by attackers to hide tiny bits of malicious code inside legitimate apps.

"These bogus apps are built for two purposes," say the researchers, "either for getting advertisement revenues or for distributing malware."

This statement can be backed up by their work, the researchers observing that Play Store developers that had malicious apps taken down, didn't have any problems re-uploading them.

"Among the 2,125 reappeared apps, 604 confirmed malware (28.4%) showed up in the Play Store unchanged, with the same MD5 and same names," noted the researchers. "Further, those developers also published 829 apps with the same malicious code (as that of the malware) but under different names."

As a conclusion outside of the research paper, since the researchers that worked on the project are claiming that their app vetter works in less than 10 seconds, there's a case to be made that Google needs to implement it as an alternate checking tool running in parallel with Bouncer.

Below is a MassVet video demonstration and the report's full results, broken down per marketplace.

Source