Threat Watch

Android Malware on the Google Play Store Gets 2 Million Downloads

Cybersecurity researchers discovered adware and information-stealing malware on the Google Play Store last month, with at least five applications still available and having amassed over two million downloads. Adware infections can display unwanted advertisements that can be particularly intrusive, degrade the user experience, deplete the battery, generate heat, and even cause unauthorized charges. This software generally tries to hide by masquerading as something else on the host device and makes money for remote operators by forcing the victim to perform views or clicks on affiliated advertisements. However, information-stealing Trojans are far more nefarious, stealing login credentials for other sites the device owner frequents, including social media and online banking accounts. Among the many malicious applications that managed to infiltrate the Google Play Store, the following five are still available:

  • PIP Pic Camera Photo Editor 
  • Wild & Exotic Animal Wallpaper
  • ZodiHoroscope
  • PIP Camera 2022
  • Magnifier Flashlight 

Reporters have contacted Google to inform them about the above applications and verify if the existing versions were cleaned and resubmitted or are still as dangerous. However, judging from recent user reviews, these apps are still demonstrating malicious functionality and don’t deliver on their features promises. Other malicious applications that were discovered include a racing game, a deleted image recovery tool, a fake state compensation app targeting Russian users, and a “free access” app for the Only Fans platform. Researchers at Cyble have also spotted the Hydra banking trojan on the Google Play Store, recently observed targeting banking customers in Europe. The malware masqueraded as a PDF document manager with text to PDF and QR code scanning features and amassed 10,000 downloads. Cyble told reporters that the malicious app was on the Play Store until June 9, 2022, but Google has since removed it. However, the same PDF app is still available on third-party stores like APKAIO.com and APKCombo.com, so beware.

ANALYST NOTES

These apps have since been removed from the Play Store, but users who installed them on their devices need to remove them and run a full AV scan to uproot any remnants. Use caution when downloading applications that offer free services and pay close attention to reviews and comments from other users with regards to behavior of the app.

https://www.bleepingcomputer.com/news/security/android-malware-on-the-google-play-store-gets-2-million-downloads/