Android pulls 24 ‘dangerous’ malware-filled apps from Play Store – Naked Security


Android users: got a mobile app named Weather Forecast?

If so, you should squash it like a bug. Google’s Play Store has already swatted it, along with 23 other vermin apps, all of which have cumulatively been downloaded more than 382 million times.

Their commonalities: they all come from a Chinese parent company that’s tucked behind a handful of app developers, and they all have a penchant for asking for dangerous permissions, harvesting data and sending it back to Chinese servers, sneakily launching browser windows and clicking on ads, and/or signing you up for pricey premium phone numbers.

Researchers from VPN Pro recently discovered the bad apps when looking into the dangerous permissions that popular free antivirus apps request.

Such apps are called rogueware. As Sophos’s Roland Yu has explained in this whitepaper, the term describes apps that pretend to detect and fix problems… while also trying to convince you to pay money or even to add more malware. They ask for permission to upload files to your system – a permission that can lead to an app adding malware to your device that, to add insult to injury, you’ll have to pay to remove.

VPN Pro researcher Jan Youngren said in a blog post on Monday that when his team analyzed 23 companies behind 100+ VPN products, a developer called Hi Security, with three VPN products under its name, popped up. As the researchers kept digging into the excessive, unnecessary, dangerous permissions these apps ask for, the name Hi Security popped up again.

VPN Pro found that Hi Security was just the tip of the iceberg. It turns out that, tucked away behind the app developer Hi Security, is its owner: a Chinese company called Shenzhen HAWK that has yet another four app developers. Shenzhen HAWK is behind the two dozen apps on VPN Pro’s list of apps to steer clear of, some of which are known for containing malware and rogueware.

Youngren said that the Weather Forecast app is infected with malware: during testing, it was seen harvesting users’ data and sending it to a server in China; subscribing users to premium phone numbers, leading to stiff charges on their phone bills; launching hidden browser windows; and clicking on ads.