Despite Google’s constant attempts to improve Android’s security, one of the biggest problems the mobile OS faces is malware. Earlier this year, the company published a report claiming that it removed more than 700,000 malicious apps from the Play Store in 2017. This is a high number but still quite not enough.
In fact, ESET security researcher Lukas Stefanko found 13 apps with malware on the Play store, and stated that more than 500,000 people downloaded these apps before Google removed them. Two of said apps were actually listed in the store’s trending section.
Malware disguised as games
All the apps discovered by Lukas Stefanko were driving games (as you can see in the image), and came from a lone developer named Luiz Pinto. Once the games were downloaded, they installed malware. Then the malware hid the apps’ icons, making them more difficult to find and remove.
According to Stefanko, the malware got full access to the Android device’s network traffic, which can be used to steal data (the malware’s end goal has not been confirmed yet). The ESET researcher shared a video showing how the apps crashed every time they were launched and the icons disappeared despite still being installed on the device.
Additionally, Stefanko says more than 560,000 people downloaded these apps and two of them made it to the store’s trending section before Google took them down for violating the Google Play policies. Maybe we are seeing one of the worst malware cases in recent months.