Beware - another dangerous Android malware has had millions of downloads from the Google Play Store


Cybersecurity researchers from Dr. Web have found half a dozen mobile apps lurking in Google’s Play Store that are actually distributing infostealers, adware, and other forms of malware, and that between them have more than two million downloads.

The researchers have found five malicious apps, including PIP Pic Camera Photo Editor, a malicious app with more than a million downloads, pretending to be image-editing software. In reality, it steals people’s Facebook credentials.

Other malicious apps include Wild & Exotic Animal Wallpaper, an adware app that changes its name to SIM Tool Kit as soon as it’s downloaded (500,000 downloads); ZodiHoroscope - Fortune Finder, another Facebook credential-stealing app (500,000 downloads); PIP Camera 2022, which pretends to be a camera effects app (Facebook infostealer with 50,000 downloads); and Magnifier Flashlight, adware with 10,000 downloads.


Sneaking into legitimate stores

At press time, these apps were still available for download on the Play Store, and judging by the reviews posted on the app repository, people aren’t happy, as the apps are quite obviously fraudulent.

Besides these five apps, the researchers found four more which are no longer available to the general public, including a racing game, an app that offers the recovery of deleted photos, a fake state compensation app for the Russian-speaking community, and an app that promises free access to OnlyFans.

While these may have been removed from the Play Store, people who downloaded them in the past are still at risk until they remove them from their endpoints, using antivirus software or other malware-removing solutions.

Security pros have always been vocal that people should only download apps from verified sources, but the App Store and the Play Store are not immune to cyberattacks. Users should always stay vigilant with their devices, keeping them updated, having an antivirus solution installed, and monitoring incoming and outgoing traffic with firewalls.

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
