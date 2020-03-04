ANDROID is regularly plagued by dangerous apps, some of which are harder to spot than ever because of a recently discovered piece of malware.

Android is installed on over 2.5 billion devices across the globe and gives users access to a constellation of apps that are available to download through Google’s official Play Store and a host of other third-party marketplaces scattered across the web. Although Google has a Play Protect service that’s capable of screening apps and checking if they ask for abnormal permissions, have malware or other harmful materials, things always slip through the cracks. Because of this, it’s usually best practise to scour reviews of an app before you click the install button. If a bunch of people are complaining about an app because it’s brimming with intrusive adverts and malware, you’re obviously not going to put it on your phone. However, downloading apps based on reviews alone could be a huge mistake, according to new research by McAfee.

The security software company just released a new report about mobile threats and discussed a new strain of Android-based malware called LeifAccess that’s capable of leveraging a user’s device to post fake reviews on the Play Store to give potentially harmful applications greater visibility and a better overall ranking. LeifAccess was noted to be capable of generating fake reviews using a command and control server. The reviews in question were explained to be pretty simple, with comments such as “very simple and useful”, “very good mobile app cleaner” and “great, works fast and good” being some of the dead giveaways. The malware is also able to leave relatively simple reviews in multiple languages, too. According to McAfee, the LeifAccess malware is distributed through “fraudulent advertising” and is apparently also found on voice chatting platform Discord. The security firm analysed LeifAccess and was eager to note the malware immediately makes it difficult for users to remove it – no icon or shortcut for it is displayed on a device. Additionally, it also shows a host of “fake warnings” that are utilised to get a user to activate a number of varying accessibility services.

McAfee explained: “These cover a range of vague but scary system warnings, such as ‘system needs to upgrade your video decoder,’, ‘application reduces your phone performance, please check it now,’ and ‘security error should be dealt with immediately’. “In an effort to separate the warnings from installation, the malware waits up to eight hours before showing the fake notification.” Even if a user disables the malware’s ability to take advantage of accessibility services, it was still noted to possess the ability to “perform click fraud and install other apps without accessibility functions”. Most worrying of all however is LeifAccess’ power to give apps on the Play Store positive reviews and a five-star rating. McAfee said this has the power to “legitimise malicious apps and perpetrate additional frauds”.