The Google Play Store is littered with dangerous trojans

News
By
published

Malicious apps sometimes slip past Google's virtual bouncers

Android
(Image credit: Google)

The Google Play Store is reportedly littered with trojans and malware-infected apps that are stealing sensitive information, and money, from unsuspecting victims.

Cybersecurity researchers from Dr. Web recently analyzed the state of the mobile app store, and found that the number of trojanized apps (seemingly legitimate applications, carrying trojans either directly within code, or by means of “updates” or “addons”) is “spiking”.

In most cases, the compromised apps are either cryptocurrency wallets and management apps, investment app clones, or photo editors. While Google managed to remove most of the apps from the store already, some persisted, with one of the apps from the list - Top Navigation - still available on the Play Store at press time.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

That app, together with another one from the same developer - called Advice Photo Power, have been downloaded more than 600,000 times, although the users don’t seem to be all too pleased with the apps, judging by the comments.

Squeezing past Google's defenses

When they’re not stealing sensitive data, these apps will load affiliate service sites, or trick people into enabling paid subscriptions.

But squeezing a malicious app into Google Play Store - and keeping it there - is a difficult task. That’s why threat actors also use other online communities, such as websites, forums, or social media channels, to distribute the apps. 

Dr. Web’s report says that one of the most significant threats this year - various WhatsApp mods - were distributed just like that. These mods include GBWhatsApp, OBWhatsApp, or WhatsApp Plus, which claim to offer support for additional languages, home screen widgets, call blocking, or other features that aren’t available in the actual app. 

Read more

> New Android update helps you communicate better with iPhone users

> Google wants your next work laptop to be an Android tablet

> Upcoming Android update could stop you deleting your apps

Once installed, some of these apps will even download additional malicious APKs, claiming that they’re downloading an update.

To keep the Android device safe from various threats, users should stay away from downloading apps from third-party sources, make sure to always read comments and reviews before downloading an app from the Play Store, to pay attention to the permissions each new app is asking for, watch for any unexpected battery drain, and to monitor all of the online purchases made by various mobile apps, researchers have warned.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
mobile phone
Popular Android financial help app is actually dangerous malware
Android phone malware
Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency
In this photo illustration a Google Play logo seen displayed on a smartphone.
Over 2 million risky Android apps were blocked from the Play Store last year
malware
Google warns of legit VPN apps being used to infect devices with malware
Latest in Software & Services
A man sitting at his desk in the evening and using a desktop computer
Office 2021 vs Office 2024: is it time to upgrade?
Microsoft 365 Business app logos
Office 2024 LTSC vs Microsoft 365 Business: what are the differences?
Windows 11 Start menu layout choices: Grid view
Windows 11 vs Linux for business: which operating system should you embrace?
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
Gmail vs Outlook for business: which email system is right for your organization?
Windows 11 logo
Windows 11 Pro vs Windows 11 Home: which version is right for you?
Canva HubSpot
HubSpot and Canva team up to level the creative playing field
Latest in News
A stressed employee looking over some graphs
UK workers are spending more than one day per week tracking down information
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
More about software services
Microsoft 365 Business app logos

Office 2024 LTSC vs Microsoft 365 Business: what are the differences?
A man sitting at his desk in the evening and using a desktop computer

Office 2021 vs Office 2024: is it time to upgrade?
A stressed employee looking over some graphs

UK workers are spending more than one day per week tracking down information
See more latest
Most Popular
A stressed employee looking over some graphs
UK workers are spending more than one day per week tracking down information
EDMONTON, CANADA - FEBRUARY 10: A woman uses a cell phone displaying the Open AI logo, with the same logo visible on a computer screen in the background, on February 10, 2025, in Edmonton, Canada
T-Mobile rival is giving free ChatGPT Plus, worth hundreds, to its subscribers - but there's a catch
Three photos of the iPad Air M3 and its camera
iPad Air M3 review roundup – should you buy Apple's new mid-range tablet?
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
HP LaserJet Pro 3000 on modern office desk
Now HP printers are being bricked following firmware update
Meta QLC Server
Facebook engineers say bigger hard disk drives is making one critical metric far, far worse
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
Two iPhones showing Apple HomeKit settings
Still using an iPad as a Home Hub? Bad news – Apple is about to end support for it
Horizon Zero Dawn Remastered
Future PlayStation games could have AI-powered characters, if this leaked prototype of Aloy is anything to go by
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump