Samsung Galaxy Store reportedly hosts and distributes several apps that can infect customers’ devices with malware. Tipster Max Weinbach first spotted the issue in a few Showbox apps in the Samsung Galaxy Store. These apps are said to contain malware, and Google’s Play Protect was able to detect it quickly after they were installed. In addition, analysis conducted by the online virus and malware scanning service Virustotal on the Showbox-based apps distributed in the Galaxy Store also showed low-quality alerts. Some apps would ask for excessive permissions, including access to the phone.
According to a report by Android Police, several Showbox movie piracy app clones offered by Samsung through the Galaxy Store could potentially infect devices with malware. Tipster Max Weinbach spotted the problem first and posted his experience on Twitter saying that a similar problem had been discovered on Huawei phones before. According to him, while downloading Showbox-based apps from the Galaxy Store, Google’s Play Protect warning was triggered, causing the installation to stop. At least five of the Showbox-based apps may have been malicious, Weinbach says.
According to the report, Virustotal’s analysis of the APKs of the suspicious apps revealed multiple low-level warnings, including riskware and adware. Some apps would also ask for unnecessary permissions such as access to contacts, call logs and the phone.
The report also says malicious Galaxy Store apps have been further investigated by a mobile security analyst linuxct, who said these apps contain ad technology that can run dynamic code. This means that the app itself, as distributed, may not contain malware directly, but may download and run other code, which could contain malware.
These apps are allegedly clones of the ShowBox app and thus can distribute illegal content to users’ devices. According to the Showbox subreddit, Showbox has been down for about two years. “There are no legitimate alternatives called ‘ShowBox’. Any websites or apps that claim to be ShowBox are fake,” read the message.