We usually regard Google Play as one of the safest places to get apps for Android devices. Even if the app asks for unnecessary permissions we usually accept it because the market is maintained by experts that make sure that each of the apps available is safe. Once in a while a rouge application slips in undetected that may cause a potential security risk for those who download it.
Security company Webroot has reported a new form of threat that is available in Google Play that hides itself in font installing apps The malware is called Android.TechnoReaper and consists of two parts, a downloader which is currently available in Google Play and the spyware app that it downloads. The good news is that the two apps that carry this malware aren’t that popular. One app only had 500 downloads while the second one had 10,000 to 50,000 downloads which is still pretty low in Android standards.
How does the malware work? Once a person downloads the font app there are options provided for you to choose various font types which you would need to download. Downloading a specific font type is not done through Google Play but through a private sever. While the app downloads the chosen font another program is also downloaded called the ikno.apk which is a package that contains the iKno Android Spy. The iKno Android Spy isn’t available in Google Pay can be downloaded from Amazon. The app is used to monitor another android device remotely. Some of its features are listed below.
- Write and send SMS texts, as well as monitor or modify incoming messages. The same applies for inbound messages or MMS.
- Write data on the external storage card
- Monitor and modify in any way outgoing calls or even initiate a call without actually going through the UI
- Track location using the cellular network / Wi-Fi / GPS or initiate network activity
- Access and modify contact data, audio settings and even record audio events
This is downloaded and installed on a person’s device without them knowing it. Once it is active in an Android device administrator access is granted to another user and sensitive data will become accessible.
Google has already pulled out two of the identified apps that carry this malware from Google Play but not after some people had downloaded them.
If you are concerned about malware issues affecting your android device then you might want to consider getting a good antivirus program.