The Google Play Store is littered with dangerous trojans

Malicious apps sometimes slip past Google’s virtual bouncers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

TheGoogle Play Storeis reportedly littered with trojans andmalware-infected apps that are stealing sensitive information, and money, from unsuspecting victims.

Cybersecurity researchers from Dr. Web recently analyzed the state of the mobile app store, and found that the number of trojanized apps (seemingly legitimate applications, carrying trojans either directly within code, or by means of “updates” or “addons”) is “spiking”.

In most cases, the compromised apps are eithercryptocurrency walletsand management apps, investment app clones, orphoto editors. While Google managed to remove most of the apps from the store already, some persisted, with one of the apps from the list - Top Navigation - still available on the Play Store at press time.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

That app, together with another one from the same developer - called Advice Photo Power, have been downloaded more than 600,000 times, although the users don’t seem to be all too pleased with the apps, judging by the comments.

Squeezing past Google’s defenses

When they’re not stealing sensitive data, these apps will load affiliate service sites, or trick people into enabling paid subscriptions.

But squeezing a malicious app into Google Play Store - and keeping it there - is a difficult task. That’s why threat actors also use other online communities, such as websites, forums, or social media channels, to distribute the apps.

Dr. Web’s report says that one of the most significant threats this year - variousWhatsAppmods - were distributed just like that. These mods include GBWhatsApp, OBWhatsApp, or WhatsApp Plus, which claim to offer support for additional languages, home screen widgets, call blocking, or other features that aren’t available in the actual app.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

New Android update helps you communicate better with iPhone users>Google wants your next work laptop to be an Android tablet>Upcoming Android update could stop you deleting your apps

Once installed, some of these apps will even download additional malicious APKs, claiming that they’re downloading an update.

To keep the Android device safe from various threats, users should stay away from downloading apps from third-party sources, make sure to always read comments and reviews before downloading an app from the Play Store, to pay attention to the permissions each new app is asking for, watch for any unexpected battery drain, and to monitor all of the online purchases made by various mobile apps, researchers have warned.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

7 myths about email security everyone should stop believing

Best Usenet client of 2024

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)