Security researchers have found a music player app in the Google Play Store, which has already been downloaded by thousands of users, to be riddled with malicious malware. Going by the name "Super Free Music Player", the app was uploaded to Google Play on 31 March and has already garnered between 5,000 and 10,000 downloads.
According to SophosLabs researcher Rowland Yu, the malware uses similar sophisticated techniques to evade detection by Google and security researchers that were previously seen in the BrainTest malware, such as the use of time bombs, domain or IP mapping and dynamic code loading.
Yu said the malware is able to download additional encrypted payloads from remote websites and upload a list detailing the infected device's information including its model, manufacture, SDK version, country, language and installed applications among other data.
In 2015, security firm Check Point discovered the BrainTest malware on a Nexus 5 smartphone which used various techniques to avoid detection and persistently remain on unsuspecting victims' infected devices. Although Google Play removed it from the app store, attackers repurposed it in the form of a music app.
"It came back to Google Play as Super Free Music Player and attracted 5,000 – 10,000 downloads," Yu said. "Sophos has detected them as Andr/Axent-DS."
SophosLabs said it has informed Google Play about their discovery.
The latest discovery comes as attackers continue to target Android users through malicious apps found in the official Google Play store. A recently discovered nasty strain of malware dubbed FalseGuide was found in a slew of Android apps including guides for popular games such as Fifa, Pokémon Go and World of Tanks. Experts warned that the malware could have infected nearly two million phones.
Another Android trojan called BankBot also targeted hundreds of applications on Google Play in an effort to steal mobile users' online banking credentials and payment card data.