Samsung’s Galaxy Store, an alternative to the Google Play Store for Samsung phones, has several clones of an app called ‘ShowBox’ that could potentially allow for the installation of malware on people’s phones.
The apps were first spotted by Max Weinbach, and Android Police expanded on his findings with a more in-depth investigation. Weinbach tweeted about finding at least five of these sketchy apps, which trigger Google’s ‘Play Protect’ warning when users attempt to install them. Android Police analyzed one of the ShowBox APK files through VirusTotal and found over a dozen alerts from security vendors. Moreover, several of the ShowBox clone apps request extra permissions like access to contacts, call logs and the telephone.
I gave Huawei shit for this, gonna do it to Samsung too.
Samsung is hosting literal malware on the Galaxy Store. Google's anti-virus protection software, built into Play Services, stops the install.
I've found at least 5 of these apps in a row on the Galaxy Store. pic.twitter.com/LiiDJtGwmb
— Max Weinbach (@MaxWinebach) December 27, 2021
Android Police also connected with security analyst ‘linuxct,’ who revealed more vulnerabilities in the ShowBox app. In particular, the investigation found that code in the app’s ad tech was capable of executing dynamic code. In other words, the app itself doesn’t include malware, but it could download and execute other code, which could include malware. Android Police says similar issues were demonstrated in at least two ShowBox apps from the Galaxy Store.
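A static triage sketch for the two signals described above (the extra permissions and the ability to load code at runtime), added here as an example and not taken from Android Police's or linuxct's analysis. The permission names mapped to "contacts, call logs and the telephone", the `caller -> reference` line format, and the sample manifest and references are assumptions constructed for illustration; a hit is a reason to review the app, not proof of malware.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: the article says only "contacts, call logs and the telephone";
# these are the standard Android permissions for those areas.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
}
# Platform classes that load executable code at runtime (DEX type descriptors).
DYNAMIC_LOADERS = (
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
    "Ldalvik/system/DexFile;",
)

def triage(manifest_xml, code_refs):
    """Flag sensitive permissions and call sites that load code at runtime."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    perms = sorted(requested & SENSITIVE)
    loaders = []
    for line in code_refs:
        # Hypothetical line shape: "<calling class> -> <referenced member>"
        caller, _, target = line.partition(" -> ")
        if target.startswith(DYNAMIC_LOADERS):
            loaders.append((caller.strip(), target.strip()))
    return {"permissions": perms, "dynamic_loading": loaders}

# Constructed sample input, not extracted from any real APK.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
</manifest>"""
SAMPLE_REFS = [
    "Lcom/example/clone/MainActivity; -> Landroid/app/Activity;-><init>()V",
    "Lcom/example/adsdk/Loader; -> Ldalvik/system/DexClassLoader;-><init>(...)V",
]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_REFS))
```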
The other issue here is that the apps clone ShowBox, a platform with a reputation for enabling piracy and access to copyrighted content, such as movies and TV shows. It’s not clear if the cloned apps enable piracy.
Interestingly, a post on the ShowBox subreddit from two years ago warns that ShowBox is “down” with a promise that if the service does return, an announcement will be made on the subreddit. The post goes on to say that there are “no legitimate alternatives bearing the ‘ShowBox’ name” and even warns of some fakes that attempt to steal users’ personal information.
Samsung did not respond to Android Police’s request for comment, although that’s understandable given the holidays.
It’s worth noting that the Play Store didn’t have the ShowBox apps listed, although it has had its share of malware issues in the past. As usual, you should be careful when downloading any app — always make sure to check reviews and pay attention to warnings when downloading an app, regardless of the source.
Source: Android Police