Security firm Symantec has reportedly found a number of malicious apps that were previously thrown out of the Google Play store and now come with new developer names, new app names, and new icons that select Google's own app. The apps in question are duplicates of malicious apps that previously skipped Google's protections, right down to the last line of malicious code. These new apps are the return of a malware class called Android.Reputation.1, first released in 2014.
For those who have never read about the previous infestation, this particular malware appears in apps that are not & # 39; t actually do what they are advertised. Instead, they hide after a few hours and begin their malicious behavior. It all starts with the apps asking for device administrator rights, as is often the case with malware. When these permissions are granted, the app can not only hide but perform a series of actions on the device and prevent the user from uninstalling them. From there, the app triggers users to cheat websites arbitrarily, and pulls ads from Google to give creators of malware a profit. The apps all connect to a command server, which means they can use their administrative permissions on almost everything. It should be noted, however, that none of the variants found by Symantec actually received any further instructions from the server. 19659002] While identity theft and the sale of user data can be extremely lucrative, it seems that this malware only serves to provide ads and other unwanted content to make the creators of the malware a quick buck. This behavior is annoying, but in and of itself not completely dangerous. Users are still cautioned to be very careful about what they download and, if possible, to stick to the Play Store, even if the protection is not infallible. Almost any mobile antivirus program that has administrator privileges on your device, such as Lookout or Symantec's own solutions, should be able to remove malware in the Android.Reputation.1 family, since the codebase has not changed since 2014.