UPDATED 23:35 EDT / SEPTEMBER 19 2016

NEWS

New Overseer malware that steals personal details spotted in Google Play

Google has removed four apps from its Play Store after they were discovered to be carrying a new form of malware dubbed Overseer.

Discovered by security firm Lookout Inc., Overseer was found packaged with four apps and once installed could steal a user’s name, phone number, email address and contact history, along with a host of sensitive user information including a user’s precise location, network ID, internal and external memory, phone type, network operator, device and Android information, Device IMEI, IMSI, MCC, MNC and details about installed packages.

Personal data including location area code, the version of Android being used on the infected device, its user build and whether the device has been rooted was also being captured by the malware.

Travelers

One interesting aspect of Overseer is that it specifically targeted foreign travelers, particularly those who downloaded an embassy search app. Other infected apps included Russian and European news-related applications.

“The legitimate functionality of the Embassy application aimed to provide a user with the ability to search for the addresses of specific embassies in any geographic location. At the time of analysis, the legitimate functionality was not working, however, the command-and-control server was active,” Michael Flossman, a security analyst at Lookout, told Threatpost.

Another notable aspect was that Overseer’s command and control (CNC) used Facebook’s Parse Server hosted on Amazon Web Services, which apparently allowed the malware to remain hidden: by using HTTPS and running its CNC on a popular cloud service, its traffic doesn’t stand out. In a way, it was hiding in plain sight.

Google has since removed the apps from the Play Store but it does raise the question again about Google’s ability to filter for infected applications.

While the vast majority of infected Android apps come from third party stores, the reality is that we continue to see more and more examples of infected apps being distributed by Google itself, including the Godless malware that was said to have infected 850,000 devices back in June, and the “porn clicker” malware that was found in over 300 apps in the Google Play store in February.

There may be no easy answer for Google to better control malware on the Google Play store because no one wants it to go down Apple’s path and strictly control what gets in to start with. But something must be done before the growing numbers of infected apps start to damage the Android ecosphere.

Image credit: intelfreepress/Flickr/CC by 2.0
