For all the hullabaloo in recent days about the XcodeGhost malware making its ways into the iOS App Store, no-one can argue with the fact that Apple has been much more successful at keeping malicious code out than, say, what we see on the Android front.
There has been a long history of Android malware. Much of it has appeared on unofficial third-party sites, but with disturbing regularity malware has also sneaked its way into the official Google Play app store too, lending trojans and adware the undeserved halo of legitimacy.
For instance, researchers at Check Point have just reported that an Android app called “Brain Test” was downloaded between 200,000 and 1 million times, using a sophisticated variety of tricks to avoid detection by Bouncer – Google’s technology which is supposed to stop malicious apps from entering the store.
You can find out more about the malicious Brain Test app, and view some tips about how to better protect your Android device from similar attacks, in the video I have made about the incident, and subscribe to my YouTube channel if you wish.
And don’t think it’s just Brain Test that you have to worry about.
Yesterday, researchers at ESET described how another Android trojan called Mapin has used the official Google Play store as a launchpad for an attack, hidden inside bogus versions of popular games such as “Plants vs Zombies 2”, “Traffic Race” and “Temple Run 2 Zoombie”.
Again, on this occasion, online criminals had found a way of avoiding detection by Google’s Bouncer. According to ESET, Google eventually pulled the trojans from the Google Play store – but only after they had resided their undetected for a year and a half.
Earlier this year, Google announced that all apps and updates will have to pass human review – but clearly it’s remains possible for criminals to slip their malware past such checks.
So, Android users. Don’t make the mistake of enjoying Apple’s XcodeGhost discomfort too much – you have plenty of reasons to be much more worried about malware in your own back yard.