Malware has reappeared in Google Play, the official Android app marketplace, after previously being identified and removed.

Uncovered by researchers at Symantec, the malware was bundled inside at least seven different apps.

The apps were listed as emoji keyboard additions, space cleaners, calculators, app lockers, and call recorders, but none actually performed the advertised functions, and only existed to serve up malware in the form of adware to drive clicks for illicit profit.

The malware has previously appeared in the Play Store, before being removed after Google was alerted to its presence. However, the same malicious code reappeared in the official Android market place again, but with apps featuring slightly different names under the banner of a new publisher.

In order to help the apps slip past Google Play security, the malware is configured to wait four hours before starting the malicious activity. This also helps lure the user into a false sense of security about the app, so even if they notice the device acting suspiciously, they might not attribute this to the recently installed application.

Following activation, the malware looks to consolidate its position on the device by asking for administrator privileges in order to carry out its activity and make it more difficult for the app to be removed.

In order for the request to look convincing, the attackers use an official Google Play icon when asking for administrator privileges.

The malware using Google imagery to ask for admin rights.


[SOURCE]