Google has removed 13 apps from its Play Store after it was discovered that they installed malware on users’ devices. According to estimates by Lukas Stefanko, a researcher at the antivirus and Internet security company ESET, the apps have been downloaded more than 560,000 times.
The infected apps
The apps, listed as driving games, were developed by a single person. Some of them were also highlighted in the trending section of the Play Store. The apps offered no proper functionality, and they hid themselves on the handset to make malware installation easier.
“Anyone downloading the apps were [sic] expecting a truck or car driving game. Instead, they got what appeared to be a buggy app that crashed every time it opened. In reality, the app was downloading a payload from another domain — registered to an app developer in Istanbul — and installed malware behind the scenes, deleting the app’s icon in the process,” according to TechCrunch.
Unfortunately, it is not clear what exactly the malware was supposed to do. What the researcher did discover is that the malware was incredibly persistent, since it launched every time a user started their smartphone. The malware also had full access to the network, which means that the person behind its creation had the power to steal private information stored on the device.
Google has been dealing with malware on its Play Store for a long time. In 2017, the company discovered that adware called Judy was present in 41 apps. The malware was estimated to have affected up to 36.5 million Android devices. The apps were eventually removed from the store. Also in 2017, Google purged over 700,000 apps suspected of being malicious.
Android malware infection
Google’s efforts to encourage users to download apps solely from its Play Store have been critical in reducing malware infections on Android devices.
“We attribute this to many factors, such as continued platform and API hardening, ongoing security updates and app security, and developer training to reduce apps’ access to sensitive data. In particular, newer Android versions — such as Nougat, Oreo, and Pie — are more resilient to privilege escalation attacks that had previously allowed PHAs [Potentially Harmful Application] to gain persistence on devices and protect themselves against removal attempts,” according to an official Google post.
The percentage of Android devices with at least one PHA installed is more than 0.5 percent for devices that run the KitKat, Lollipop, and Marshmallow OS versions. For Nougat, this figure drops to 0.25 percent. And for the latest version, Pie, the incidence of PHAs is just 0.06 percent.
Users who installed apps only through the Play Store were also found to have lower rates of malware infection than those who sideloaded apps from third-party locations. The PHA rate for “Google Play only” users is just 0.09 percent. For users who sideloaded apps, the PHA rate was found to be 0.61 percent. In effect, Android devices that only use apps downloaded straight from the Play Store were 9 times more secure than others.
India, Indonesia, the United States, Japan, and Russia have the largest numbers of infected Android devices in the world. With the latest iterations of the OS, there has been a clear downward trend in malware infections in these countries.