
Google shuts down malicious ‘Google Play Stoy’ app


Google has taken down hackers' Gmail accounts that were receiving stolen information from a malware app called “Google Play Stoy,” which intercepts banking credentials, certificates and text messages, according to a Wednesday blog post from FireEye, which worked with Google to remove them.

The application eluded detection by traditional signature-based anti-virus methods by encrypting the malware behind a fake user interface.

The app (com.sdwiurse) poses as the official Google Play Store app and, if downloaded, places a near-mirror icon of the real app on the victim's home screen.

Once the app is installed, an attacker can siphon the data. Since the app disables the “uninstall” feature, users can't remove it, though they are tricked into thinking the app has uninstalled itself.

A pop-up message reads “Unfortunately, google app stoy has stopped,” and though the app icon disappears, the app continues to run in the background.

[An earlier version of this story incorrectly stated that the Google Play Stoy app was available in the Google Play Store and had been removed].
