Recently, a few dozen apps were found in the Google Play Store that carried a nasty malware known as Android.Spy.277 hidden in the apps. Unfortunately for millions of users, these apps have been downloaded to their phones, and the results have been rough on said users. The apps contain malware that does anything from gathering info like their IMEI (serial number), their Gmail address, even their geographic location, and in some cases, will even attempt to root your device.
The type of apps vary from games to fitness trackers to image editing, and even instant messaging apps. When the user opens the clone app, it sends a report to the hacker’s command and control server (basically home base) and then it will send the app certain instructions, from open a pop ad or place home screen shortcuts on the front page of the device.
Another side effect is that the app will send messages to the home screen and phone that something is critically wrong with their phone, such as the battery is going bad or the phone is overheating. The user is then prompted to download an app to fix their “issues” and that app also contains malware. Working for a cell phone provider has allowed me to see this in person, as many customers present these same issues to us.
Google has been diligent in removing the apps, but as with all things malware, people should continue to practice safe downloading habits. Users are urged to research the apps before download, and most importantly, install an antivirus program on their phones.