Whenever downloading a new app from the Google Play Store, many people check the reviews to see how safe it is. However, sometimes safety issues in the Play Store are invisible, like hidden malware. Google is said to have pulled 13 malware-infected Android Apps from the Play Store after a security researcher found them to be infected. Apparently, more than 500,000 users have downloaded the infected apps, which means their data may be exposed to security risks.
According to the researchers, the malware-infected Android apps wouldn’t work properly. Moreover, they would hide deep in the handset’s data and install malware which can jeopardize security and expose data, or worse. In the picture above, you can see the infected apps are similar. They’re mostly car and truck simulators, and they are no longer available on the Play Store.
ESET security researcher Lukas Stefanko posted a tweet listing the malware-infected Android apps and their pictures as shown in the Google Play Store. In his post, he said the malware has been downloaded over 560,000 times.
Don’t install these apps from Google Play – it’s malware.
Details:
-13 apps
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
-reported pic.twitter.com/1WDqrCPWFo— Lukas Stefanko (@LukasStefanko) November 19, 2018
It seems the hackers didn’t even try to hide their identity, since all the apps on the list were credited to a single developer named Luiz Pinto. The apps are disguised as games, and they don’t even work once installed. Instead, they will constant crash whenever users try to launch them. What’s even scarier is that two of the apps were in the Trending section of the Google Play Store, so they were more visible to users who thought the games were popular.
When testing the apps, Stefanko discovered that they would disguise themselves and their icon when users tried to launch them. The apps would also prompt users to install an APK called “Game Center,” even though it didn’t work properly. For those who want to see the malware in action, Stefanko also posted videos which show how the malware-infected Android apps work.
Smartphone users have been fighting hackers for a while. You may recall that last year, we dealt with an auto-clicking malware called Judy, which was discovered in 41 apps. However, the number of apps it infected was much higher, estimated to have affected 8.5 million to 36.5 million Android users.
“Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown,” the Check Point research team, which discovered the Judy malware and many other software liabilities, wrote in a blog post at the time.
