Jul 28 2022, 09:17 AM, updated 4y ago
A new batch of malicious Android apps filled with adware and malware was found on the Google Play Store that have been installed close to 10 million times on mobile devices.
The apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. However, their underlying functionality is to push intrusive ads, subscribe users to premium services, and steal victims' social media accounts.
Google has removed the vast majority of the presented applications, but at the time of writing this, three applications remain available for download and installation via the Play Store.
The new malicious Android apps
The adware apps discovered by Dr. Web are modifications of existing families that first appeared on the Google Play Store in May 2022.
Upon installation, the apps request permission to overlay windows over any app and can add themselves to the battery saver's exclusion list so they can continue running in the background when the victim closes the app.
The full list of adware apps can be found at the bottom of the link article, but one notable example still on the Play Store is 'Neon Theme Keyboard,' which has over a million downloads despite the 1.8-star score and many negative reviews.
.jpg)
The second category of malicious apps found on the Play Store is Joker apps, known for incurring fraudulent charges on victims' mobile numbers by subscribing them to premium services.
Two of the listed apps, 'Water Reminder' and 'Yoga – For Beginner to Advanced,' are still on the Play Store, having 100,000 and 50,000 downloads, respectively.
BleepingComputer has contacted Google about the malicious apps remaining on the Play Store but has not heard back at this time.
https://www.bleepingcomputer.com/news/secur...om-google-play/
Quote
0.0144sec
0.55
5 queries
GZIP Disabled