Researcher found dangerous apps in Samsung Galaxy Store

Malicious apps have infiltrated Samsung’s official app store, the Galaxy Store, and users are complaining about multiple Play Protect detections on their devices.

Android Police reported that the malware mimics the once popular pirate app ShowBox, which was shut down back in 2018 after a coalition of film studios identified its operator and sued him. ShowBox and its twin brother MovieBox gave users access to copyrighted movies and TV shows without paying a subscription.

Obviously, the scammers were betting on the former popularity of the pirated app, and the “clones” were indeed well received by the Samsung user community. The counterfeits were advertised as streaming apps, promising anonymous access to protected content through an integrated VPN. Interestingly, according to Android Police, at least some of these apps did deliver the promised pirated features.

According to the linuxct mobile security specialist, who noticed the problem, clone apps trigger Google Play Protect by requesting access to dangerous permissions that could lead to malware being installed on the device.

If the user grants the application all the permissions it needs, it gains access to contact lists, call logs, rights to execute code, download malware, click on ads, and so on.linuxct reported.

After analyzing apps from the Samsung Galaxy Store, linuxct discovered an adware technology that can be used to execute code remotely and can be abused to execute commands on a device. Unfortunately, a scan via VirusTotal revealed that not all antivirus solutions detect this malware, marking it as potentially dangerous programs, Trojans, adware, and so on.

samsung galaxy store

The publication explains that from a legal point of view, Samsung should have rejected these applications at the stage of consideration due to the description of their functionality, however, the Samsung Galaxy Store only checks applications for malware and malicious behavior, and copyright infringement is not taken into account. Since the apps did not contain out-of-the-box malicious code, they were not considered dangerous and were allowed into the store.

Experts advise anyone who has installed one of the ShowBox clones through the Galaxy Store to uninstall the application immediately and run a full system scan to remove any potentially dangerous artifacts.

Let me remind you that we reported that Bugs in Apple Pay, Samsung Pay, and Google Pay allow unauthorized purchases, as well as that Researchers found on Google Play ad dropper that was downloaded more than 100 million times.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button