Google Play has been hosting a fake Yandex voice assistant application uploaded by bad actors, the app was discovered by a security researcher. Google have been quick to react upon discovering fraudulent applications through its Google Play Services. Most of the time the malicious content will be removed on the same day it was added to the Google Play.
A Russian recurity researcher from Dr Web has reported more than 100 malicious applications within Google's marketplace. The bad actors used the name "Alisa" the name of the Virtual Assistant Yandex has developed. Upon download the app would ask for the victims phone number to which they would receive a confirmation code for an eligibility reward to their premium service.
How does the malware affect the Victim?
The malware presents a phishing site and offers the user a reward, asking for their phone number to receive a verification code. The code is not for strengthening eligibility for the reward, but for making a subscription to a premium service, which begins the moment the user connects to the internet.
How many application similar to fake Alisa?
Security researchers at Dr Web have found over 127 fraudulent applications in Google Play from over 40 developers with many of these apps having been downloaded thousands of times, it is currently unclear how many victims have fallen for the fake Alisa Application.
"All apps on Google Play are expected to follow our developer policies. While we don’t comment on particular apps, we remove applications that violate our policies, such as those that are illegal or that support hate speech. If users come across any apps that are in violation of our developer policies, we encourage them to report it to our support team."
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/09/06/google-play-has-been-hosting-a-fake-yandex-voice-assistant-application/