More than 200 apps containing malicious code were discovered and downloaded millions of times on the Google Play Store.
Over the past few years, Google has invested heavily in developing advanced security algorithms for the Play Store, but preventing threats early and thoroughly is not easy.
Data collected between June 2023 and April 2024 by cybersecurity researchers from Zscaler security organization discovered more than 200 malicious apps, with millions of downloads, publicly distributed on the Google Play Store. The most common threats that researchers found on the official Android app store include:
- Joker (38.2%): Software that steals information and collects SMS messages, enrolls victims in premium services.
- Adware (35.9%): Apps that consume internet bandwidth and battery to load foreground or hidden ads in the background, creating fraudulent ad impressions.
- Facestealer (14.7%): Software that steals Facebook account information, overlaying phishing forms on legitimate social networking applications.
- Coper (3.7%): Information stealing and SMS interception software, can also perform keylogging and overlay phishing sites.
- Loanly Installer (2.3%).
- Harly (1.4%): Trojan applications subscribe victims to premium services.
- Anatsa (0.9%): Anatsa (or Teabot) is a banking trojan that targets over 650 banking applications worldwide.
Earlier in May this year, Zscaler researchers also warned about more than 90 malicious apps on Google Play, with a total of 5.5 million downloads.
While Google has security mechanisms in place to detect malicious apps, threat actors still have a number of tricks up their sleeves to bypass the verification process. In a report last year, the Google Cloud security team described a method of distributing malware through app updates, or by downloading malware from attacker-controlled servers.
While Zscaler's report focuses on popular Android malware, other researchers have discovered a number of campaigns that also abuse Google Play to distribute malware to millions of people.
A typical example is the Necro malware downloader for Android, which was downloaded 11 million times through just two apps released on the Google Play Store.
In another case, the Goldoson Android malware was detected in 60 legitimate apps with a total of 100 million downloads also on the Play Store.
Last year, SpyLoan malware was found in apps on Google Play that were downloaded more than 12 million times.
Nearly half of the malicious apps detected by Zscaler ThreatLabz were published on Google Play in the tools, personalization, photography, productivity, and lifestyle categories.
Zscaler's mobile threat report also shows a significant increase in spyware infections, primarily caused by the SpyLoan, SpinOK, and SpyNote groups. Over the past year, the company recorded 232,000 blocks of spyware activity.
The countries most targeted by mobile malware over the past year were India and the United States, followed by Canada, South Africa and the Netherlands.
According to the report, mobile malware was primarily targeted at the education sector, with a 136.8% increase in blocked transactions. The services sector saw a 40.9% increase, and chemicals and mining increased by 24%. All other sectors saw a general decline.
To minimize the chance of being infected with malware from Google Play, users should carefully read reviews from others to see what issues have been reported, then thoroughly check information about the app publisher.
You should read it
- How to avoid Malware when downloading Pokemon GO?
- What to do when Google Play Store is not working?
- Download Google Play 24.2.15-16
- Google declined to add 55% of the new Android application to Play Store in 2018, but that's not enough!
- Google Play Store releases updated 'good' application suggestions for users
- How to download CH Play and install Google Play on the phone
- Discovered a Vietnamese student posting 42 Android apps containing malware on Google Play Store
- Hackers are taking advantage of the Store to distribute malware
May be interested
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messengerfrom yesterday (december 18, 2017), a new type of malicious code has appeared and raged in vietnam. this malicious code is not too sophisticated but is spreading very fast through facebook messenger because it is sent from the friends in the friend list.
- Detects malicious code showing porn ads in children's games on Google Playcheck point security company has discovered malicious code called adultswine that appears in children's games on google play.
- New malware using web application has turned into a source of attack, very difficult to detectrecently, researchers from talos (microsoft) and cisco have discovered a new type of malicious code that is very complex and has an extremely fast spreading speed.
- 136 Money-stealing malicious apps, you must delete them now!security researchers at zimperium zlabs recently discovered a new type of trojan that specifically targets financial services. this new trojan, named grifthorse, has now affected more than 10 million android users in more than 70 countries worldwide.
- 28 harmful applications that need to be immediately removed from your smartphonesecurity experts have recently discovered 28 applications containing malicious code that have been installed on the smartphones of millions of users. if you have one of these applications installed, immediately remove it from your device.
- Dozens of Android applications are infected with malicious codedozens of applications on android market have been deleted because of malicious code. users who have downloaded these infectious applications may lose data.
- Warning: VPNFilter malicious code attacks the router that has 'evolved', there are many extremely dangerous new featuresnewly discovered experts, vpnfilter has attacked and infected more than 500,000 routers recently added the ability to remove https encryption, attack intermediaries, and even wipe information on the device itself. .
- Paris Hilton's website contains malicious codewhen people visit the blonde lady's site, a pop-up window will appear and if you click on the 'yes' or 'no' button, the malicious program will be downloaded to their computer.
- 238 applications found on Play Store contain malicious code that paralyzes smartphonessecurity experts discovered in 238 applications on google play store that contain advertising code called beitaad.
- TOP 10 most downloaded applications in the decade, 4 of them belong to Facebookof the 10 most downloaded mobile apps in the decade, it's not surprising that facebook holds up to four names.