In a shocking revelation, a recent report by threat intelligence researchers at Zscaler has exposed the alarming prevalence of malicious applications on Google Play, the official app store for Android devices. Over the course of a year, between June 2023 and April 2024, these researchers identified and analyzed numerous malware families, uncovering a staggering number of malicious apps that have been downloaded millions of times.
The Most Common Threats
[Figure: Malicious app types on Google Play. Source: Zscaler]
The report highlights a disturbing trend of malicious apps disguised as legitimate tool, personalization, photography, productivity, and lifestyle applications. Among the most common threats detected were:
- Joker: An info-stealer and SMS message grabber that subscribes victims to premium services.
- Adware: Apps that generate fraudulent ad impressions, consuming internet bandwidth and battery life in the process.
- Facestealer: Facebook account credential stealers that overlay phishing forms on legitimate social media applications.
- Coper: An info-stealer and SMS message interceptor capable of keylogging and displaying phishing pages.
- Loanly Installer, Harly, Anatsa (or Teabot), and other banking trojans targeting various financial institutions worldwide.
[Figure: Most targeted countries. Source: Zscaler]
Google’s Response
While Google has implemented security measures to detect and remove malicious apps, threat actors continue to find ways to bypass these safeguards. One common tactic is “versioning,” where attackers deliver malware through application updates or by loading it from external servers.
In response to Zscaler’s findings, Google has stated that the malicious versions of the identified apps have been removed from Play. Google also emphasizes the role of Google Play Protect, which is enabled by default on Android devices and can warn users or block apps exhibiting malicious behavior.
User Precautions
To minimize the risk of infection, users are advised to:
- Read reviews: Check for reported problems and suspicious comments.
- Verify permissions: Ensure that the app’s requested permissions align with its intended functionality.
- Be cautious of free apps: While free apps can be beneficial, be wary of those offering excessive features or promises.
- Keep your device updated: Regularly install security patches and updates to protect against known vulnerabilities.
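For analysts triaging an APK, the "verify permissions" check above can be automated; the following is an added example, not code from the Zscaler report or this article. It reads a decoded AndroidManifest.xml and flags capabilities a given store category would not normally need; the capability grouping, the category allowlist and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions grouped by the behaviours the article lists for Joker, Coper and
# Facestealer. The grouping itself is this example's assumption.
RISKY = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},            # phishing forms drawn over other apps
    "accessibility": {P + "BIND_ACCESSIBILITY_SERVICE"},  # commonly abused for keylogging
    "install_packages": {P + "REQUEST_INSTALL_PACKAGES"},  # can install a fetched payload
}
# Hypothetical allowlist: capabilities each store category plausibly needs.
EXPECTED = {"messaging": {"sms"}, "tools": set(), "photography": set()}

def capabilities(manifest_xml):
    """Return the risky capability groups a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # An accessibility service is declared on <service>, not via <uses-permission>.
    perms |= {e.get(ANDROID + "permission") for e in root.iter("service")}
    return {cap for cap, names in RISKY.items() if perms & names}

def mismatches(manifest_xml, category):
    """Capabilities requested but not expected for the app's stated category."""
    return sorted(capabilities(manifest_xml) - EXPECTED.get(category, set()))

# Constructed sample: a "PDF reader" that asks for far more than it needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(mismatches(SAMPLE, "tools"))
```

A flagged capability is a reason to look closer, not a verdict: legitimate apps request these permissions too, and an app that only loads code later may declare none of them.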
[Figure: Number of transaction blocks per month. Source: Zscaler]
The Ongoing Threat
Despite Google’s efforts, the threat of malicious apps on Google Play remains a significant concern. The continuous emergence of new malware families and sophisticated techniques highlights the need for ongoing vigilance from both users and developers. As the mobile landscape evolves, it is essential to stay informed about the latest threats and take proactive steps to safeguard your devices.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. Summitsystemsissp assumes no liability for the accuracy or consequences of using this information.