Google has been battling malware in its own official Android App Store for many years now, and here is yet another embarrassing story. More than 500,000 Android users have been tricked into installing malware that initially appeared to be driving games, downloaded directly onto their devices from Google’s own App Store.
A security researcher at ESET, Lukas Stefanko, posted a tweet with information on 13 games that were created by the same app developer. To add insult to injury, it appears two of the games were “trending” on the store, which gave them greater visibility and therefore a better chance of gaining more victims.
Don't install these apps from Google Play – it's malware.
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
— Lukas Stefanko (@LukasStefanko) November 19, 2018
In total, the games were downloaded 580,000 times before they were finally removed from the Google Play Store.
The malware behaved in an unusual way. End users, who were expecting a driving game, saw the icon of an installed app, but once it was run it would immediately crash. In reality, the app began downloading its malware component from another domain and installing it, and when finished it would delete the original app’s icon.
Every time the phone was switched on or rebooted, the app would launch with full access to the information passed from the device to the network. It could possibly log passwords, visited sites, and messages sent and received. Major malware scanners are not exactly sure what they did.
Android’s Play Store is less restrictive than Apple’s App Store, but at what price? Compared to Apple, Android gives app developers more freedom in how their apps connect to the outside world, access device features, and share information between apps, but if your own app store serves you malware then you’re certainly not winning the war.
Google has been trying to “clean up” its App Store and removed over 700,000 malicious apps last year alone. Google spokesperson Scott Westover confirmed that the apps “violated our policies and have been removed from the Play Store.”