Samsung is allegedly distributing malware on the Galaxy Store unintentionally

The problem of risks associated with the installation of apps on Android smartphones is a long-standing one: in a cyclical game of cops and thieves, criminals try to evade the surveillance systems that should guarantee the safety of users’ smartphones. Sometimes, this is not enough: this time the news is their presence of malware on the Samsung Galaxy Store, a store similar to that of Google designed specifically for the Android smartphone family of the Korean giant.

The report comes from one of the major analysts and leakers of Samsung products and software features, Max Weinbach, a freelance editor at Android Police, one of the most authoritative resources for news and scoop on the world of the green robot. Looking for an alternative download for the popular Hulu streaming app – one of the best services to stream movies on Android if you own a VPN – temporarily unavailable on the Google Play Store for his Samsung smartphone due to a recent update, he came across a unique Google Play Protect security warning.

This Google Play Protect notice indicates that the app in question, a Showbox clone, could be dangerous. Since Play Protect comes into action even when you try to install applications from sources deemed unsafe, such as the Play Store, the Android Police colleagues contacted the Android security expert Linux to deepen the story.

The risks of malware on the Galaxy Store

From the analysis of the apps on the Samsung Galaxy Store deemed unreliable, all of which were clones of the most famous Showbox now no longer available, a rather worrying picture emerged. According to the analyst, the offending apps do not directly contain malicious code but have the technology necessary to install and run malware. Not only, but apps also require permissions to access resources that they normally shouldn’t require, such as the complete call log and access to the contacts directory.

For those unfamiliar with it, Showbox was one of the most popular third-party streaming apps: at its peak it allowed users to connect to a large number of streaming service sites and torrent clients to watch content, often violating copyright. An app that, despite having always pronounced itself against the specific use for piracy works, has always been considered by the community as a tool for watching pirated content. The offending apps that have malware on the Galaxy Store appear to be their own Showbox clones, which are no longer available on the Google Play Store.

The ability to download malicious code seems to stem from the advertising technology used by these apps, which “at any moment it could become a trojan/malware“. One of these apps’ apks was sent to Virustotal for a full scan, returning more than a dozen low-level alerts found in other Android viruses – nothing to worry about when taken individually, but potentially dangerous when added to everything else.

 

Although there is no counter for installations on the Samsung Galaxy Store like on the Google store, there are hundreds of reviews for the offending apps. Potentially this data translates to thousands or tens of thousands of users that could jeopardize the security of their smartphone without knowing it, considering the Samsung store a safe source from which to download applications.

Both the Google Play Store and the Apple App Store have been the victim of attackers who illegally smuggled hidden code into seemingly harmless apps. Many of these apps just collect a large amount of data and send it to third-party services, probably for profit. However, this does not discount Samsung’s negligence, which has the duty, like other providers, to guarantee the security of the applications on its alternative store.

While trying to clarify this matter, as always, we invite you to download apps responsibly and only from certified sources. What do you think about it? Have you ever downloaded apps from third-party stores, and if so why? Let us know your opinion in the comments.

It might interest you: Security flaw in Mediatek chips would allow spying on Android users

Leave a Comment