Google Play store apps, used by millions, are filled with malware

RapidVPN/ March 28, 2019/ Blog/

Creating fake accounts in order to spread viruses onto people’s computers, phones and tablets through various applications is nothing new on the internet scene. However, as hackers have grown more sly and devious, they have found ways of breaking into even the most protected store, Google’s. Once they have infected certain Play Store apps, the game begins.

Android users were not even slightly aware of the attacks they were exposed to. They searched for new and fun ways to entertain themselves, simply tapped download on a certain application, and the hacker was then able to get at their most treasured information. There are over three billion active devices that run Android each and every month. Not once but a number of times, Android users have been hit by malware that spread through Google’s app store. A number of applications that were loaded with malware affected over 36.5 million Android devices.

Almost 22 Google Play Store apps were discovered that, for example, drained the battery of victims’ smartphones once downloaded. Other malware downloaded files onto users’ Android devices without the victims’ consent. What’s even more surprising is that the apps that carried that malware were downloaded more than two million times!

One app, known as the Sparkle Flashlight, was downloaded more than three million times, and the virus that it carried was very potent. It contained a hidden file downloader that could download files from different external servers, once again without the victim’s consent. More surprising still, this app posed as an Apple device to advertisers so that its click fraud would go unnoticed.

Another potent attack was one in which 13 gaming apps that carried and spread malware posed as driving games and then spread enormously. All of those apps were created by one person, a man named Luiz O Pinto, and before Google reached out and removed them from the store they had been downloaded more than 580,000 times. Users thought that they were simply getting a driving game, when in reality the apps crashed every time they were opened because they were filled with bugs. Every time someone opened one of those games, the app would download a payload linked to a developer in Istanbul and the malware would be installed on the person’s device. The malware had full access to the device’s network traffic, and that is where the main danger lay, because through that access its creator could steal personal information and users’ credentials. The apps included a luxury car driving simulator, and even the thumbnail showed a picture that seemed quite legitimate.

In one case, the infected app carried malware whose job was to open a window that was 0 pixels by 0 pixels in size, so that it went unnoticed by the user. It would then click on ads repeatedly, juicing the ad networks’ numbers. Users obviously wouldn’t want to participate in the fraud, yet they did, and the downloaded app ate into their data and battery life. Even if users noticed that the app was running and tried to force-close it, it would simply start again automatically in the background.

Those click-fraud schemes pretended to be designed for the owners of Apple phones and tablets. It seems that its developers paid well in order to lie about what kind of mobile device was clicking those ads, so as to reach the deep pockets of Apple owners.

Further dangers for Android users include malicious software on the Google Play Store that is disguised as device cleaners, battery managers or horoscope apps. Experts said that the malware campaign was a complex one. Unlike the previous ones, this malware enabled the hackers to send and receive texts on infected devices. That allowed them to bypass the multi-factor authentication that would otherwise protect internet banking data. It also allowed the hackers to download any other apps of their choice or to use any app installed on the device. All the apps were uploaded under different names, yet they are assumed to be the work of a single attacker.

If you ever have even a slight suspicion that you have downloaded such an app, uninstall it immediately, check your bank account and consider changing your internet banking password.

There is no guarantee that you won’t encounter such apps in the Play Store in future, but by taking the most basic steps, such as keeping your Android device updated, using a trusted mobile security solution and checking the reviews and the content of apps before downloading them from the Play Store, you will make sure that your device is at least partially secure.