MORE THAN half a million Android users have been tricked into downloading malware-ridden apps posing as games on the Google Play store.
Uncovered by ESET Android malware researcher Lukas Stefanko, the apps, which were apparently created by a developer called Luiz Pinto, were masquerading as driving simulation games.
Stefanko found 13 of the apps on the Play Store and said that more than 560,000 people downloaded them before Google took them down. The worrying thing is, though, that two of the apps were featured in the Store's 'trending' section before they were yanked, according to Stefanko.
Those who installed the apps would have quickly realised that nothing actually happened once launched. But on the backend, there were much more sinister things going on; they quietly installed malware on users' devices, and even deleted their own icon so the app would be harder to find and remove.
It's also been reported that the malware allowed attackers to gain full access to the host device's network traffic in order to steal data.
Don't install these apps from Google Play - it's malware.— Lukas Stefanko (@LukasStefanko) November 19, 2018
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
It, therefore, goes without saying that if you've managed to install any of these apps, you should uninstall them right away.
The report is one of thousands of its kind; Android malware is growing rapidly and has been for many years, so much so that security boffins just can't keep up. Android users should remain vigilant when downloading apps from third-party sources from the Play store, especially if they are new and don't have many good reviews.
Earlier this year, security researchers uncovered an Android threat that can snoop on users and steal personal data, all while racking up a huge phone bill in the process.
UK-based security outfit Wandera sounded the alarm bells after finding the spyware, dubbed 'RedDrop', inside 53 applications masquerading as useful tools such as image editors, calculators and language-learning apps.
"Each one is intricately built to provide entertaining or useful functionality - to act as a seemingly innocent guise for the malicious content stored within," the researchers said. µ
Another week of Google news in brief
It was nice knowing you, sort of
Third time unlucky
Customers are unable to make payments or transfer money