American software security firm McAfee has discovered a new common malware present in a great number of Android apps from the Google Play Store. Unfortunately, one of the company's findings reveals that this kind of malicious software can make a device vulnerable to hacking.

A malware called "Grabos" was intercepted from lines of code of several apps from the Play Store. Users who have installed infected apps are in danger of being exposed to cybercriminals and their potential exploitation.

Also read: Beware! This Trojan has already stolen US$1.5m in cash

According to McAfee, infected apps have been driven to generate income by promoting the installation of apps.

"Taking into account the functionality to display ads and the high number of downloads, we believe the main purpose of Grabos is to make money by promoting the installation of apps," McAfee said in a blog post on Sunday, November 12.

Surprisingly, many of these apps are highly rated on the Play Store which raises questions if Google is really doing its best to filter out harmful programs. The company's safety checks have been put in doubts once again as criminals are still able to get their way through the app store.

Music-themed apps

McAfee has noted that most affected apps were launched in August, including the Aristotle Music Audio Player 2017. Although some comments were prompt to point out that the app is a malware, it even reached up to 5 million downloads.

Based on the reported scheme, the trend reveals that hackers are using music-themed apps like music players and music downloaders to target potential victims. These apps are said to be persistent in asking for ratings on the Play Store from the users.

Another app in question is called Shaza, a 4.4-rated verified music recognition app. McAfee listed a total of 144 Android apps which have all been taken down from the Play Store.

How malware in these apps work

Once these malware-infected apps are installed on a smartphone or tablet, the malware is injected into the device's file explorer and music player apps. They will then check if the device is connected to the internet and if the Developer Settings on the device is enabled. It also checks whether or not the device can flag a malware.

If that's yes to all, the malware will launch a counterfeit app that works just like a normal one. It will infect the device with harmful files once it can pass through safety checks.

Grabos is then ready to fetch information like Android version, build model, country, network, install referrer, sim, carrier name, language, country code and time zone. More alarmingly, it has access to the potential victims' IP address and geographical location.