Android malware developers have created workarounds to a new Google Play Store policy.
One established method for achieving this end is the use of Researchers at the threat analysis company ThreatFabric have published a report detailing some recent evolutions in Android malware droppers on the Google Play Store. Recent changes to Google Play policies restricting access to certain permissions have pushed malware developers to find workarounds. Google is constantly working to detect malicious applications and prevent them from appearing on its app stores where unsuspecting users could install them and unknowingly infect their own devices. However, crafty malware developers continually develop new ways to sneak malicious applications onto official app stores.One established method for achieving this end is the use of malware droppers , which are applications that contain very little malicious code when first installed. Droppers usually masquerade as legitimate apps with useful features and often do offer at least some of the advertised functionality. However, once installed, malware droppers download and install malicious payloads. Since the droppers themselves don’t contain the bulk of the malicious code, but instead download it from external sources, it’s more difficult to detect the droppers as malicious. Earlier this week, we wrote about a family of extensions in the Chrome Web store that employed similar tactics to Android malware droppers, downloading and side-loading a set of malicious scripts from a blank webpage.
The new policy is intended to prevent malware droppers from abusing this permission by restricting access to the permission to exclusively apps like web browsers, file managers, and dedicated app stores. However, malware developers appear to have discovered at least two different ways to work around this restriction.
