When it comes to the security of our personal devices, phones drop down to the bottom of the list almost every time. We’re far too trusting of app developers and stores like Google Play to even consider that there might be something malicious hiding in a platform we’re so familiar with.
Lukas Stefanko, a security researcher from ESET, found 13 apps with malware disguised as games on the Play Store that were downloaded by more than 560,000 people before Google took them down. All of these apps were from the same developer named Luiz Pinto.
Stefanko detailed his finding in a tweet, mentioning that two of the suspect apps were trending, making them more visible to potential downloaders and that these apps appeared to be faulty, crashing every time they were opened but having no legitimate functionality to begin with.
Don’t install these apps from Google Play – it’s malware.
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
— Lukas Stefanko (@LukasStefanko) November 19, 2018
According to a report by Tech Crunch, what these apps were actually doing was downloading a payload from another domain in Istanbul, installing malware, and then deleting the app’s icon so there could be no follow up. The purpose of these malicious apps is not clear, only that they had full access to the phone’s network traffic, seeing as multiple malware scanners had different classifications for what they detected.
Scott Westover, a spokesperson for Google, confirmed that the apps “violated our policies and have been removed from the Play Store.”
Last year alone, Google had to pull than 700,000 malicious apps from its store. This recent intrusion will only serve as a reminder that there is much more for Google to do to bolster its security on the platform and that Android users need to take extra care in what they download from the Google Play Store.