Fake ShowBox apps found on Samsung Galaxy Store could infect phones with malware

An investigation found several of these apps on the Galaxy Store -- many of them allowed remote code execution

Samsung’s Galaxy Store, an alternative to the Google Play Store for Samsung phones, has several clones of an app called ‘ShowBox’ that could potentially allow for the installation of malware on people’s phones.

Spotted initially by Max Weinbach, Android Police expanded on the findings with a more in-depth investigation. Weinbach tweeted about finding at least five of these sketchy apps, which trigger Google’s ‘Play Protect’ warning when users attempt to install them. Android Police analyzed one of the ShowBox APK files through Virustotal and found over a dozen alerts from security vendors. Moreover, several of the ShowBox clone apps request extra permissions like access to contacts, call logs and the telephone.

Android Police also connected with security analyst ‘linuxct,’ which revealed more vulnerabilities in the ShowBox app. Particularly, the investigation found that code in the app’s ad tech was capable of executing dynamic code. In other words, the app doesn’t include malware but it could download and execute other code, which could include malware. Android Police says similar issues were demonstrated in at least two ShowBox apps from the Galaxy Store.

The other issue here is that the apps clone ShowBox, a platform with a reputation for enabling piracy and access to copyrighted content, such as movies and TV shows. It’s not clear if the cloned apps enable piracy.

Interestingly, a post on the ShowBox subreddit from two years ago warns that ShowBox is “down” with a promise that if the service does return, an announcement will be made on the subreddit. The post goes on to say that there are “no legitimate alternatives bearing the ‘ShowBox’ name” and even warns of some fakes that attempt to steal users’ personal information.

Samsung did not respond to Android Police’s request for comment, although that’s understandable given the holidays.

It’s worth noting that the Play Store didn’t have the ShowBox apps listed, although it has had its share of malware issues in the past. As usual, you should be careful when downloading any app — always make sure to check reviews and pay attention to warnings when downloading an app, regardless of the source.

Source: Android Police