All the malicious apps are posing as games were published by the same developer named Luis O Pinto, at the time they have a low detection rate.
The cybercriminals aim to monetize their efforts pushing unsolicited advertisements to the user when they unlock the device.
Once installed, the malicious apps would remove their icon from the display immediately and downloads other malicious apps in the background.
The applications were all downloaded from a hardcoded address.
In order to trick users into giving permissions to install the downloaded app, the malicious apps attempt to make the user believe that the installation failed and restarted, asking users to approve the action again.
Stefanko reported that the downloaded APK was Game Center, once installed and executed it hides itself start displaying ads.
The expert pointed out that the Game Center requests permissions for full network access and to view network and Wi-Fi connections, and to run at startup.
The malicious apps do not implement specific features, they only work as simple downloaders that can bypass Google Play security checks.
Stefanko confirmed that Game Center is no longer available at the link that is hardcoded in the malicious apps, after being informed of the fraudulent applications Google removed them from Google Play.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.