In a chilling reminder of how duplicate app stores facilitate the distribution of harmful malware, researchers have detected a Turkish alternative to the Android app store that hosts malware masquerading as genuine Android apps.
Malware being distributed by the Turkish Android app store can intercept SMSs, display fake activity and can download and install other apps.
Researchers at security firm ESET recently stumbled upon CepKutusu.com, a Turkish alternative to the Android app store that has been offering duplicate apps to visitors. The researchers noted that the apps being offered by the app store mimicked popular Android apps but in fact hosted harmful malware that could intercept text messages, display fake activity and download and install other apps and malicious software.
‘The malicious app distributed by the store at the time of the investigation was remotely controlled banking malware capable of intercepting and sending SMS, displaying fake activity, as well as downloading and installing other apps,’ they noted.
Unofficial Android app stores aren’t usually malicious by their very nature but their security flaws make them ideal targets for hackers who use them to spread harmful malware. However, as noted by malware researcher Lukáš Štefanko, the Turkish app store is the first of its kind as it is entirely infected by malware, which was possibly intended by its creators.
Once an app is installed from CepKutusu.com, it starts imitating the Flash Player and asks permission for a .apk file to be downloaded. Once downloaded, the file starts intercepting and sending SMS, displaying fake activity and downloading and installing other apps. However, the malware may not be able to operate for long as users would instantly delete apps that do not function at all.
To hide their malicious intent, the creators of the app store have thus introduced a cookie that stops malware from entering phones for as long as seven days after an app is installed. Once the seven days are over, the malware starts taking over infected devices.
Štefanko suggests that in order to prevent their devices from being infected by such malware, Android device users should always download apps from the official Android App Store and should always keep an eye on anything suspicious file name, size, and extension of software that they download from the internet.
He also suggests that Android device users should use reliable mobile security solutions that can protect devices from unauthorised access by harmful malware.