SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Bitdefender finds malicious campaign active on Google Play
Fri, 19th Aug 2022

Bitdefender has released research about a new Google Play campaign that bypasses the storefront's security checks to deliver potentially malicious content and advertisements.

Once a user downloads these apps, they work to remain on devices by changing names, switching icons, and taking further steps to remain hidden.

In particular, these apps will change their icon and name to pretend to be the phone's 'Settings' app.

One of the key findings in Bitdefender's research, 'Real-Time Behavior-Based Detection on Android Reveal Dozens of Malicious Apps on Google Play Store', is that 35 apps on the Google Play Store are using techniques to bypass storefront security checks to spread potentially harmful content and advertisements.

Further, based on public numbers, these 35 apps equate to approximately two million downloads. A single app that Bitdefender discovered in this campaign had 100,000 downloads, with the others having tens of thousands.

Bitdefender's research also concludes that the campaign is likely the work of the same developer or threat actor.

The release of this research comes after Bitdefender extended support for its antimalware technologies to Amazon GuardDuty, a threat detection service that monitors for malicious activity and anomalous behaviour to protect Amazon Web Services (AWS) accounts, workloads, and data.

Bitdefender antimalware technology provides Amazon Web Services customers with advanced threat detection to identify known and unknown malware, zero-day attacks, and malicious activity.

According to the company, when Bitdefender detects malware or abnormal activity in an Amazon GuardDuty environment, it alerts the customer and provides contextualised, actionable insights to help accelerate and guide response actions. Amazon GuardDuty customers can quickly and easily purchase a Bitdefender license, available in Amazon Web Services Marketplace, for automated remediation capabilities to eliminate detected threats from their environment.

Organisations of all sizes and across all industries are increasingly migrating their architectures and workloads to the cloud. Analyst firm Gartner estimates that by 2025, more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021. When running workloads in the cloud, effective security necessitates a shared responsibility model, where both the cloud provider and end customer jointly protect the environment and workloads. However, many organisations lack visibility into threats targeting their cloud workloads at runtime. Bitdefender technology supports Amazon GuardDuty with a focus on addressing this challenge.

Bitdefender antimalware technology provides multiple layers of protection, including heuristic analysis, machine-learning models for standard detection, advanced signatureless detection, signature-based detection and emulation. This security integration provides Amazon GuardDuty customers with multi-layered threat detection and protection for all cloud workloads across Windows and Linux operating systems.

"Adversaries are ramping up their attacks on public cloud workloads because they know that's where organisations' valuable data assets increasingly reside," says Amy Blackshaw, vice president of product and technical marketing at Bitdefender.

"The integration of Bitdefender technology within Amazon GuardDuty helps organisations become more cyber resilient in the cloud by providing accurate, real-time threat detection to stop attacks before they gain a foothold in their environment," she says.

Use of Bitdefender antimalware technology within Amazon GuardDuty is available now.