35 malicious apps found on Google Play Store, installed by 2 million users
Another day, another set of nasty applications on the official Google Play Store.
The growing efforts of cybercriminals to get malicious apps listed on the Google Play Store has seen some of the most widely used smartphone applications fall victim to malware and banking trojans in recent years.
Despite efforts by Google to improve security, researchers continue to uncover malicious campaigns that use innovative tactics to bypass the company’s security controls.
Now the IT security researchers at Bitdefender have identified 35 malicious applications on the Play Store with over two million downloads. These apps are designed with methods of operation that allow them to pass themselves off as legitimate by changing their names and icons and bombarding the victim’s device with advertisements.
According to Bitdefender, these ads help cybercriminals achieve their financial goals along with directing victims to malicious websites or links that drop additional malware onto the targeted devices.
In their blog posts, BitDefender’s research team stated that the cybercriminals behind the campaign used multiple methods to trick victims into keeping the malicious apps on their devices. For example, some of the apps offered version updates that allowed the attackers to hide and avoid detection on the device.
Many legitimate apps serve ads to their users, but these serve ads through their own framework, which means they can also serve other types of malware to their victims. In most cases, users can choose to delete the application if they do not like it. But these new malicious apps trick victims into installing them, only to change their names and icons and even take a few extra steps to hide their presence on the device.
One positive aspect of this report, however, is that BitDefender identified the malicious campaign using its (soon to be unveiled) behavioral technology designed to analyze malicious app activity after installation.
Behavioral technology in cybersecurity can be used to track malware across all channels, including websites and social media platforms. This data can then be used to improve security and user experience in real time.
Bitdefender identified the malicious apps using a new real-time behavioral technology designed to detect these very dangerous practices, among many others. This new technology is slowly being rolled out to our customer base and will be available to everyone in the coming months.
List of malicious apps
- ice cycle volume
Protection against malicious apps
With more than two billion active Android devices, it’s no wonder that the Google Play Store is a target for malware developers. It’s no secret that the Google Play Store is home to some nasty malware, including DawDropper, Joker, SharkBot, Xenomorph, and many more.
But at the same time, it is one of the safest platforms to download Android apps. So how can you protect your phone from all the bad stuff? Here are some tips:
- First, make sure you’re running the latest version of Android. Google is constantly working to improve the security of the platform, so newer versions of Android are less vulnerable to attacks.
- Then take a look at the app permissions before installing anything from the Play Store. If an app asks for more permissions than it needs, that’s a red flag that might be of no use.
- Install a reputable security app from the Play Store. This will add an extra layer of protection to your device, catching any malware that slips through the cracks.
- Only download apps from trusted sources. This means avoiding third-party app stores and websites – Stick to the Google Play Store.
- Finally, check reviews before downloading an app. If an app has a lot of negative reviews, it’s probably not worth your time. (Read how fake reviews cause 50% of Android threats).
- Play Store apps caught spreading Android malware to millions
- BRATA Android malware factory resets phones after stealing funds
- New MaliBot Android malware found that steals personal, banking data
- Microsoft warns of developing toll scams that empty wallets of Android malware
- New Russian Android malware tracks GPS location and spies on victims