Apps infected with Ztorg Trojan removed from Google Play Store

Google seems to be having a rough time recently with its Play Store. For yet another instance in a short amount of time (the first being Judy malware), the tech giant has had to scramble to eliminate infected apps that are downloaded by Android devices. The apps were dangerous just like Judy as they allowed for possible root access for a black hat hacker. While the applications in question did not have the same massive reach as Judy-infected apps, they still managed to gain the trust of thousands of unsuspecting downloaders.

As reported by Kaspersky Lab’s Threatpost, Google removed the applications Magic Browser and Noise Detector (pictured below) after Kaspersky researchers warned the company of the threat they posed.

Ztorg Trojan
Kaspersky

The danger of these applications lies in the Ztorg Trojan virus that is activated upon download and installation. According to Roman Unuchek of SecureList, the strain of Ztorg found in these apps was “a Trojan-SMS that can send Premium rate SMS and delete incoming SMS” and profit off of the high bill that results from this, as well as any sensitive data contained in other SMS messages sent to the device.

This is only part of Ztorg’s functionality. As AVG Threat Labs states, Ztorg has the ability to log your keystrokes and passwords. This can lead to potential root access of your device and control over any Internet accounts that require login like email or bank accounts. Without a doubt this is the most dangerous aspect of the Trojan, especially considering an estimated 50,000-plus individuals downloaded Magic Browser and Noise Detector collectively.

This begs the question, how on earth did these malicious applications get through to the Play Store in the first place? Roman Unuchek theorizes that “even if a victim downloads what is clearly a clean app, there is no guarantee that it will still be clean in a few days’ time.” What I would personally state is that Google perhaps needs to adjust its vetting process to monitor applications post-approval, perhaps by having the app downloaded in a closed environment unbeknownst to the developers.

The amount of applications in the Play Store may make this a rather impossible task, but if Google can somehow monitor apps by posing as a regular customer, they might be able to catch these infections more quickly.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top