In a familiar refrain, Google has removed from its Play store 13 malicious apps masquerading as legitimate games -- but not before they potentially infected more than half a million Android devices.
A warning about the malicious apps was tweeted on November 19 by malware researcher Lukas Stefanko from security provider ESET. Stefanko said that the 13 apps racked up more than 560,000 installations, with two of the apps trending in Google Play. No legitimate functionality was reported.
After installation, each app could download another app from the attacker's server and ask the user to manually install it, Stefanko explained to Download.com. That second app was an adware application called Game Center. After someone would launch any of the fake apps or Game Center, that app would hide its icon from the device's home screen, tricking the user into believing it was no longer on the device. But when the device would go into Lock mode, the app would display ads. The payload on the attacker's server could've easily be exchanged with something else, Stefanko added, meaning the adware could've been replaced with a more dangerous form of malware.
Google Play has been plagued by malware for years. And the story is always the same. Malware is discovered. Google is alerted. Google removes the malware. End of story, at least until the next time. Why is malware such a persistent problem for Google?
One pitfall lies with Google's overall strategy. Rather than adopting the "walled garden" strategy that Apple uses to secure iOS and scrutinize each app, Google has a more open approach to Android in general and app approvals more specifically. Another reason is popularity. Android has many more users than does iOS and thus is a more lucrative target for cybercriminals. Google has tried to combat malware through such solutions as Play Protect, which scans and verifies apps before they end up on Google Play. But the effort seems to be falling short.
Google learned the apps were malicious after Stefanko reported them, he told Download.com. A couple of hours following his report, Google told Stefanko that it would analyze the apps and take appropriate measures.
"Providing a safe and secure experience for our users is our top priority," Google said in a statement sent to Download.com. "We appreciate the researcher's report and their efforts to help make Google Play more secure. The apps violated our policies and have been removed from the Play Store."
Android users who installed any of the apps shown in the image in Stefanko's tweet should uninstall the malicious program and then run an antivirus scan to clean up their device.
FOLLOW Download.com on Twitter for all the latest app news.
- Google has removed 13 malicious apps from its Play store after they were discovered masquerading as legitimate driving games.
- Once installed, the malicious apps would download another program that would display ads on a device's Lock screen.
- Beware of fake bank apps on Android stealing customer account data
- Advanced Battery Saver app for Android has malware that can steal your data
- Android malware Sonvpay secretly charges you premium text message fees
- This is the easiest way to prevent malware on your Android device (CNET)
- Android security: Password-stealing malware sneaks in Google Play store in bogus apps (ZDNet)
- Skygofree Android malware is 'one of the most powerful ever seen' (TechRepublic)