Researchers also found a new version of the malware inside legitimate applications. These hackers find a way to get the users to login without their knowledge to premium services. Because hackers built this old way of getting inside apps, they were able to circumvent security from Google Play.The list of detected applications includes:
- com.imagecompress.android
- com.hmvoice.friendsms
- com.relax.relaxation.androidsms
- com.file.recovefiles
- com.training.memorygame
With the implementation of new regulations by the Play Store and the scaling of protections by Google Play Secure, Bread apps have been forced to constantly iterate to look for holes. At every point they have used just about every tactic of cloaking and obfuscation in an effort to go undetected under the light. Many of these samples seem deliberately designed to attempt to slip undetected into the Play Store and are not seen anywhere
Researchers recommend that such programs should be uninstalled from a user computer to avoid potential attacks. It also suggests users check their mobile and credit card bills for any unknown subscriptions to be detected. Often, users can install trusted cybersecurity tools to prevent these attacks.