Over 560,000 Android users downloaded malware hidden in 'games'
MANILA, Philippines – There were more than 560,000 installations of Android malware disguised as games on the Play Store, TechCrunch reported Wednesday, November 21.
ESET security researcher Lukas Stefanko exposed 13 driving simulation apps on the Play Store which hid malware that downloaded a payload from a different domain. The payload domain was registered to an app developer in Istanbul, and surreptitiously installed malware while deleting the app's icon in the process to make it more difficult to spot.
The 13 apps were all made by the same developer and two of them were trending on the store at the time of his tweets, making them more prominent.
Don't install these apps from Google Play - it's malware.— Lukas Stefanko (@LukasStefanko) November 19, 2018
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
App functionality demonstration pic.twitter.com/11HskeD56S— Lukas Stefanko (@LukasStefanko) November 19, 2018
Malware scanners cannot agree on what the malware does, but it is known the malware launches every time the device is booted up and has full access to network traffic, which makes it able to steal information from the user.
While Google did take the errant apps down eventually, it has not commented on the malware and how the malicious applications managed to become trending. – Rappler.com