December 5, 2018 By Douglas Bonderud 2 min read

Fake voice apps have been spotted on Google Play, and researchers suggested that more could be on the way.

As reported by Trend Micro, multiple malicious voice communication and messaging apps have been spotted on Google Play in the last month. While they appear legitimate at first glance, these messaging platforms leverage modular downloaders to contact command-and-control (C&C) servers, obtain payloads and serve up fake surveys designed to steal user data. They’re lightweight and minimally invasive, reducing the chance of detection by users or device security systems.

Once installed, the app contacts a C&C server for its payload. This contains an “Icon” module that hides the application’s actual icon to subvert uninstall attempts, and a “Wpp” module that opens arbitrary browser URLs and allows the malware to generate fake surveys intended to capture personal information such as names, phone numbers and home addresses. In addition, these apps contain a dynamic library module called “Socks” that integrates with Ares-C. While the researchers didn’t see Socks in action, they believe it may be a developing feature for use in new malware iterations.

Based on code similarities, Trend Micro believes these fake apps have the same authors and suggested that, despite Google’s removal of these apps from the Play Store, more are likely on the way as malware makers discover better ways to obscure malicious code.

What Is the Impact to Users?

For users, the immediate impact of these fake voice apps is having to deal with random URLs and persistent fake surveys. Uninstallation is also frustrating, since the applications take steps to prevent easy removal.

Trend Micro speculated that the malware operators’ current campaign may be a test run for a larger-scale botnet. Here, the ongoing impact is more worrisome: If whisper-quiet voice apps make their way onto user devices, compromise them without notice and leverage them for botnet-based attacks, the sheer numbers could be daunting at best and devastating at worst — especially if these applications make their way into popular download platforms.

Be Vigilant to Spot Fake Voice Apps

Google has taken steps to remove these applications from the Play Store. But with the specter of new versions on the way, users and organizations must take steps to protect mobile devices from these trash-talking apps.

From an end-user standpoint, IBM X-Force recommends regular software updates for both operating systems and antivirus solutions to help reduce the success rate of fake application infections. Meanwhile, IBM security experts advise enterprises to invest in unified endpoint management (UEM) tools that enable IT teams to view, manage and protect all corporate-connected devices before they become fake voice app victims.

Source: Trend Micro

More from

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today