No matter which device you connect to the internet from, you always need to be watching for scams. They usually come in the form of phishing emails, suspicious texts, or trojan-infested apps. Thankfully, if you stay vigilant, you can avoid most scams. But some are harder to avoid than others. For example, Samsung appears to be hosting a selection of apps on the Galaxy Store which could end up infecting your phone with malware. You might even have them on your Android right now.
Samsung’s Galaxy Store has a malware problem
Earlier this week, Android Police writer Max Weinbach called out Samsung on Twitter for distributing malware-laden apps through its mobile app store. While searching the Galaxy Store for the Hulu app, Weinbach came across a series of shady movie streaming apps:
Shortly after Weinbach tweeted about the problematic apps, Android Police started digging. The site found that the specific app pictured in the tweet is a clone of an old movie piracy app called Showbox. Several were available on the Galaxy Store earlier this week, but I could no longer find any of them on December 30th. Samsung might have taken action after reports began to surface.
According to Android Police, Virustotal revealed that one of the apps triggered nearly 20 alerts about clicker trojans, malware, riskware, and more. The apps also request permissions that they shouldn’t need, including access to the user’s contacts, call logs, and phone app.
Android Police reached out to Android security analyst linuxct for his thoughts on the matter:
A subsequent investigation revealed that ad tech in the app is capable of doing dynamic code execution — in short, while the app itself as it’s distributed may not directly contain malware, it can download and execute other code, which could include malware. Linuxct added that there are very few legitimate use cases for this functionality, and it could be weaponized easily. “So at any moment it may become a trojan/malware, hence it’s unsafe and thus why so many vendors flagged it in VT/Play Protect.”
Malware, piracy, and more
Beyond the fact that these apps might infect phones and tablets, Showbox was a major hub of pirated content. Presumably, the clone apps attempt to offer a similar service. These apps probably shouldn’t be available on an official app store, even if they are clean. Furthermore, the real Showbox app does not exist anymore. Android Police points us to a Reddit post from last March:
The app is down. At this present moment in time there is no evidence to suggest it is returning any time soon. If and when it does, an announcement will be made here. […] There are no legitimate alternatives bearing the ‘ShowBox’ name. Any and all websites or apps purporting to be ShowBox are fakes.
With all of that in mind, it’s hard to figure out why Samsung allowed the apps on the Galaxy Store. As often as we write about malware on Android devices, it’s disheartening to see Samsung falter when it comes to quality assurance. Needless to say, if you downloaded any suspicious movie streaming apps from the Galaxy Store in recent months, you should probably delete them. Better safe than sorry.