More than 200 apps containing malicious code were discovered and downloaded millions of times on the Google Play Store.
Over the past few years, Google has invested heavily in developing advanced security algorithms for the Play Store, but preventing threats early and thoroughly is not easy.
Data collected between June 2023 and April 2024 by cybersecurity researchers from Zscaler security organization discovered more than 200 malicious apps, with millions of downloads, publicly distributed on the Google Play Store. The most common threats that researchers found on the official Android app store include:
- Joker (38.2%): Software that steals information and collects SMS messages, enrolls victims in premium services.
- Adware (35.9%): Apps that consume internet bandwidth and battery to load foreground or hidden ads in the background, creating fraudulent ad impressions.
- Facestealer (14.7%): Software that steals Facebook account information, overlaying phishing forms on legitimate social networking applications.
- Coper (3.7%): Information stealing and SMS interception software, can also perform keylogging and overlay phishing sites.
- Loanly Installer (2.3%).
- Harly (1.4%): Trojan applications subscribe victims to premium services.
- Anatsa (0.9%): Anatsa (or Teabot) is a banking trojan that targets over 650 banking applications worldwide.
Earlier in May this year, Zscaler researchers also warned about more than 90 malicious apps on Google Play, with a total of 5.5 million downloads.
While Google has security mechanisms in place to detect malicious apps, threat actors still have a number of tricks up their sleeves to bypass the verification process. In a report last year, the Google Cloud security team described a method of distributing malware through app updates, or by downloading malware from attacker-controlled servers.
While Zscaler's report focuses on popular Android malware, other researchers have discovered a number of campaigns that also abuse Google Play to distribute malware to millions of people.
A typical example is the Necro malware downloader for Android, which was downloaded 11 million times through just two apps released on the Google Play Store.
In another case, the Goldoson Android malware was detected in 60 legitimate apps with a total of 100 million downloads also on the Play Store.
Last year, SpyLoan malware was found in apps on Google Play that were downloaded more than 12 million times.
Nearly half of the malicious apps detected by Zscaler ThreatLabz were published on Google Play in the tools, personalization, photography, productivity, and lifestyle categories.
Zscaler's mobile threat report also shows a significant increase in spyware infections, primarily caused by the SpyLoan, SpinOK, and SpyNote groups. Over the past year, the company recorded 232,000 blocks of spyware activity.
The countries most targeted by mobile malware over the past year were India and the United States, followed by Canada, South Africa and the Netherlands.
According to the report, mobile malware was primarily targeted at the education sector, with a 136.8% increase in blocked transactions. The services sector saw a 40.9% increase, and chemicals and mining increased by 24%. All other sectors saw a general decline.
To minimize the chance of being infected with malware from Google Play, users should carefully read reviews from others to see what issues have been reported, then thoroughly check information about the app publisher.
You should read it
- Discovering many applications containing malware on Google Play Store, Android users should worry gradually
- The Joker malware once again bypassed Google's security, spreading strongly on the Play Store
- How to avoid Malware when downloading Pokemon GO?
- What to do when Google Play Store is not working?
- Download Google Play 24.2.15-16
- Google declined to add 55% of the new Android application to Play Store in 2018, but that's not enough!
- Google Play Store releases updated 'good' application suggestions for users
- How to download CH Play and install Google Play on the phone
- Discovered a Vietnamese student posting 42 Android apps containing malware on Google Play Store
- Hackers are taking advantage of the Store to distribute malware
- The best Google Play Store alternatives
- The simple way to fix Google Play Store errors often encountered
Maybe you are interested
How to change the default font in Google Docs - Use the font of choice
Manifest V3 rollout to remove Google extensions is being pushed
How to Use Google Drive with Android File Manager
Kaspersky antivirus software suddenly disappears from Google Play Store
Microsoft Word or Google Docs is better for you?
How to send RCS messages using Google Gemini