Google has removed two Android apps from the Google Play Store containing malicious code that could have allowed an attacker to gain root access to infected devices.
The two apps, Magic Browser and Noise Detector, both managed to evade detection by Google’s own malware scanner and were downloaded onto thousands of devices before being flagged by security researchers at Kaspersky Lab.
Magic Browser was the more successful of the two apps, achieving more than 50,000 installations and more than 180 mostly positive reviews since first appearing in the Google Play Store on May 15. The app looked like and operated similarly to Google’s own Chrome browser.
The other app, Noise Detector, supposedly could measure noise and determine its decibel level. It appeared in the Google Play Store on May 20 and was downloaded more than 10,000 times before being removed by Google.
Both apps, Kaspersky Lab researcher Roman Unuchek said, were vehicles for the Ztorg Trojan, a piece of malicious software that has become a more prominent threat to Android devices in recent months.
In a typical Ztorg Trojan attack, the malware collects information about the user of an infected device and sends it to the command-and-control server operated by the attacker. Once the command is given, the trojan starts to hijack the victim’s SMS messages, deleting incoming texts before they are read and sending out texts that attempt to infect other users.
Kaspersky Lab said the Magic Browser app contained 11 instances of code designed to send text messages. The app would hide the activity by opening links to advertising websites that would provide cover.
The apps were updated with interchanging code, sometimes malicious and sometimes innocuous, to disguise their true activity. While it is believed the…