Even various legit Android apps have been found to have additional hidden powers, which is why it shouldn’t surprise us that one more piece of malware has apparently made it to the Google Play Store. FireEye, the security firm that discovered the malicious app, worked with Google to have the app removed from the store after finding that it was able to steal user data including SMS messages, certificates and even banking details.
Titled “Google Play Stoy,” the app pretended to be the official Google Play Store app once installed, featuring the same app icon, although it did carry the odd name “google app stoy.”
Apparently the app was able to evade detection, with only three out of 51 antivirus apps being able to detect it, by encrypting its malicious component behind a fake user interface.
Once installed, the malware app can’t be uninstalled. Instead, it shows fake error messages to fool the user into believing it has malfunctioned and been automatically uninstalled.
However, while the app disappears from the screen after showing an error message, it still runs in the background, from where it’s able to collect data and send it via email to Gmail accounts. The FireEye team has also worked with the Gmail team to terminate the Gmail accounts that received data from this app.
It’s not clear at this time whether Android users have been tricked into downloading and using this app.
UPDATE: FireEye checks in with a clarification: “The malicious ‘Google Play Stoy’ app was never actually available for download in the official Google Play store so it never needed to be taken down from there. Because of that, what FireEye did was work with Google’s Gmail team to take down the hacker(s) Gmail accounts where the stolen information was being sent.”