As many as 13 Google Play store apps were found to be malicious in a new report by ESET researcher Lukas Stefanko. In a tweet, Stefanko pointed to 13 apps that were masquerading as regular games in the Play Store and had been downloaded over half a million times at the time of reporting. After the details were out, Google removed all the apps mentioned in the tweet.
Stefanko, a security researcher at ESET, has a good record of examining apps and finding unwanted code that may be harmful to users. This time he named popular gaming apps that contain harmful code aimed at obtaining information from the device. The apps mentioned in Stefanko's tweet include City Traffic Moto Racing, Hyper Car Driving, and more. Two of these apps, the researcher said, appeared on the trending list on the Play Store, giving them better visibility and increasing the chances of users downloading them.
Don’t install these apps from Google Play – it’s malware.
Details:
-13 apps
-all together 560,000+ installs
-after launch, hides its own icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
-reported
pic.twitter.com/1WDqrCPWFo
— Lukas Stefanko (@LukasStefanko) November 19, 2018
According to the researcher, users who installed these apps expecting a game with animated cars and trucks were startled when the apps crashed each time they were launched. What the users did not know was that code inside the apps was acting as a conduit to a different domain, registered to a developer in Istanbul. The malware was being installed while the app appeared to crash, and after a short time the app icons were deleted, making it even harder for users to uninstall them.
The researcher pointed out that these apps download APKs from the same domain and make users install them on the device. However, he noted that this download is no longer available. It is not clear what the malicious code does on the device: according to a sample uploaded to VirusTotal, malware scanners could not identify a particular objective for it. However, the malware was found to stay on the phone persistently and to have full authority over the networks, which could be used as a medium to steal personal data.
Scott Westover, a Google spokesperson, released a statement addressing the latest findings, saying the apps were found to violate its policies. He further confirmed that the apps “have been removed from the Play Store.”
While the potential threat has been nipped in the bud, it raises a big question about Google’s credibility as a tech company that has always defended its approach to apps. Critics and analysts have time and again lambasted Google for being lax about apps in the Play Store, compared with how Apple handles apps on the App Store. Earlier this week, Apple removed many WhatsApp Sticker apps after they were found to have a similar design, UI, and functionality, in addition to requiring WhatsApp to run.
