Samsung’s Galaxy Store is hosting malicious apps that distribute malware
Another day, another security risk.
Apple gets a lot of hate for only allowing apps from its own App Store to be installed, but maybe, just maybe, that’s the right call. Samsung has run its own Galaxy Store for years, and it’s not doing the best job of keeping malicious apps out of it.
First noticed by Android Police’s Max Weinbach yesterday, Samsung’s Galaxy Store is hosting multiple cloned apps with dubious content inside. Those apps are all flagged by Google’s Play Protect algorithm, which indicates they could be potentially harmful.
Now, the replies to Max’s tweet contain multiple variations on “I use that app and it’s okay” or “that’s just the normal message Play Protect gives you when installing an app that doesn’t come from the Google Play Store.”
That would be true, except the apps that Max is referring to are all clones of Showbox, which is already a shady app for movie piracy.
Android Police downloaded one of the clone apk files and ran it through Virustotal. If an app supposedly for movie watching asking for access to your call log isn’t suspicious enough, maybe this list will change your mind.
Virustotal gave “over a dozen low-grade alerts from security vendors ranging from ‘riskware’ to adware.”
That’s not all though. Android Police ran the apps past an Android security analyst, and the news wasn’t good. Adtech inside the code had dynamic code execution.
That could function as a ‘dropper,’ in the same way as some of the recent malicious Android apps we reported on.
The other thing? Showbox hasn’t worked for nearly two years, according to its subreddit. That makes all of these clone apps entirely malicious, as they’re functionally useless.
It seems that Samsung needs to better control its own Galaxy Appstore. Or you know, shutter it entirely. Sure, the Google Play Store has its own share of malware issues; but they’re not hosting apps like Showbox that link to illegally obtained content.
- Sennheiser exposed the data of thousands of customers in an unsecured server
- New Amazon Ring patents outline a racist dystopian future
- If you’re a Cox subscriber, change your passwords – the company says they were hacked
- How to stop Life360 from selling your location data