Avoid and delete these vicious Google Play Store apps with 2 million (and counting) downloads

by ·

IT security solutions provider Doctor Web has published a report about nasty trojans that are being spread by apps on Google’s Play Store. While most of them have been taken off the official Android app store, some remain.

These malicious software can be divided into further categories such as malware, i.e. software that is made to disrupt or gain access to a system, riskware that poses a potential risk to users, and adware, which displays unwanted ads on your phone.

Android.Spy.4498, which siphons off the contents of other apps’ notifications was the most active malware during the month, followed by Android.HiddenAds.3018 and Android.HiddenAds.3152 which come across as harmless apps but once they affect an Android device, they hide their presence from the user. The third most common malware was Android.DownLoader.475.origin which installs other malware and unwanted software.

Program.FakeAntiVirus.1 was the most prevalent unwanted software during May. Such programs are often distributed as anti-virus software and deceive users by sounding alarms about non-existing threats to fool them into buying the full version of the software. 

Tool.SilentInstaller.14.origin, Tool.SilentInstaller.6.origin, Tool.SilentInstaller.13.origin, and Tool.SilentInstaller.7.origin were the most prolific form of riskware during the month. Tool.Obfuscapk.1.origin was another prevalent malware. It modifies Android apps’ source code to make it harder for anti-virus programs to detect malicious apps.

Adware.SspSdk.1.origin, Adware.AdPush.36.origin, Adware.Adpush.6547, Adware.Adpush.2146, and Adware.Myteam.2.origin were the most widespread adware incorporated into Android apps. They show full-screen ads and sometimes block other apps’ windows.

So, which Android apps are hiding these trojans?

Doctor Web found many threats on Google Play during the month of May. Bleeping Computer reports that at least five of the affected apps are still available on the store and have been downloaded more than two million times. These include:

Wild & Exotic Animal Wallpaper with Android.HiddenAds.3158 beneath: This image-collection app tried to be covert by renaming itself “SIM Tool Kit,” and changing the app icon to a less noticeable one. It also sought permission to be added to the battery-saving feature exceptions list so that it would be able to display ads even if the phone user didn’t use the app for a long time. It has been downloaded 500,000 times so far.

Magnifier Flashlight with Android.HiddenAds.3161: This flashlight app hid its icon so that it wouldn’t appear on the home screen menu and showed advertisement videos and banners. 10,000 users have installed it.

PIP Pic Camera Photo Editor with Android.PWS.Facebook.142 trojan: It has been downloaded a million times and disguises itself as an image-editing software but actually steals Facebook credentials.

ZodiHoroscope – Fortune Finder hiding Android.PWS.Facebook.141: Tries to steal Facebook login info by deceiving victims into entering them. 500,000 downloads.

PIP Camera 2022 carrying Android.PWS.Facebook.143: A camera effects app that tries to hijack Facebook accounts. 50,000 installs

Malicious Android apps that have been removed that you must delete from your phone

Doctor Web also found a data recovery app called “Recovery” that was carrying the Android.Subscription.9 trojan to subscribe users to paid services. Another was a game called Driving Real Race which was carrying Android.Subscription.10. These apps went to websites of various affiliate services to sign up for subscription services.

To protect your smartphone from such malicious apps, you must only download apps from trusted sources and consider downloading an anti-virus solution. 

You may also like...