Suppress Application Icon
A malicious application could suppress its icon from being displayed to the user in the application launcher to hide the fact that it is installed, and to make it more difficult for the user to uninstall the application. Hiding the application's icon programmatically does not require any special permissions.
| Name | Description |
|---|---|
| FlexiSpy | FlexiSpy is capable of hiding SuperSU's icon if it is installed and visible. FlexiSpy can also hide its own icon to make detection and the uninstallation process more difficult. |
| Gustuff | Gustuff hides its icon after installation. |
| Rotexy | Rotexy hides its icon after first launch. |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
The user can examine the list of all installed applications, including those with a suppressed icon, in the device settings.
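The same comparison the user makes by hand in the device settings can be scripted for triage. The following is an added example, not part of the original page: it lists third-party packages that are installed but expose no launcher entry. It assumes the two inputs were captured with `adb shell pm list packages -3` and `adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`; the sample outputs, their exact layout and the package names are constructed for illustration.

```python
import re

# Constructed sample of `pm list packages -3` output (third-party packages).
SAMPLE_INSTALLED = """\
package:com.example.weather
package:com.example.notes
package:org.example.keyboard
"""

# Constructed sample of the MAIN/LAUNCHER `query-activities --brief` output.
# The layout is an assumption; only lines shaped like `package/component` are used.
SAMPLE_LAUNCHER = """\
2 activities found:
  Activity #0:
    priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
    com.example.notes/.MainActivity
  Activity #1:
    priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
    com.android.settings/.Settings
"""

# A flattened component name: <package>/<class>, alone on its line.
COMPONENT_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+\s*$")


def installed_packages(pm_output):
    """Return package names from lines of the form `package:<name>`."""
    prefix = "package:"
    lines = (line.strip() for line in pm_output.splitlines())
    return {line[len(prefix):] for line in lines if line.startswith(prefix)}


def launcher_packages(query_output):
    """Return packages that own at least one resolvable launcher activity."""
    matches = (COMPONENT_RE.match(line) for line in query_output.splitlines())
    return {m.group(1) for m in matches if m}


def packages_without_icon(pm_output, query_output):
    """Installed packages with no launcher entry, sorted for stable review."""
    return sorted(installed_packages(pm_output) - launcher_packages(query_output))


if __name__ == "__main__":
    for pkg in packages_without_icon(SAMPLE_INSTALLED, SAMPLE_LAUNCHER):
        print("no launcher icon:", pkg)
```

The result is a review list, not a verdict: input methods, widgets and background services legitimately ship without a launcher entry, so each hit still needs to be checked against what the user knowingly installed.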