Two Million Android Malware Apps Discovered on Google Play

Two Million Android Malware Apps Discovered on Google Play

Over two million individuals have been duped into installing new Android malware, phishing, and adware applications that have penetrated the Google Play store. The applications found by Dr Web antivirus seem to be helpful utilities and system optimizers but are actually the causes of performance glitches, advertisements, and a worse user experience.

One Dr Web-illustrated app with one million downloads is TubeBox. It is still accessible on Google Play. When trying to redeem the collected prizes, TubeBox consistently presents errors, despite promising users monetary rewards for watching movies and advertisements on the app. According to the researchers, users who complete the final withdrawal stage never actually receive the money because the whole thing is just a ploy to keep users on the app as long as possible so they may view adverts and bring in money for the makers.

The following adware applications also showed up on Google Play in October 2022 but were later taken down:

  • Bluetooth device auto connect (bt autoconnect group) – 1,000,000 downloads
  • Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100,000 downloads
  • Volume, Music Equalizer (bt autoconnect group) – 50,000 downloads
  • Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 downloads

These applications take instructions from Firebase Cloud Messaging and load the URLs listed in them, which results in the fraudulent display of advertisements on the affected devices. The remote operators might also set up an infected device to work as a proxy server in Fast Cleaner & Cooling Master, which had a low download volume. The threat actors might route their own traffic through the compromised device using this proxy server.

Lastly, Dr Web came across several loan scam applications with an average of 10,000 downloads on Google Play that claimed to have a direct connection to Russian banks and investment companies. These apps were marketed through malicious advertising on other applications, offering assured investment returns. Actually, the apps direct users to phishing websites where their personal data is gathered.

You should always look for bad reviews, carefully read the privacy statement, and visit the developer’s website to verify the legitimacy of an app before downloading it from Google Play. Try to limit the number of installed applications on your smartphone to a low generally, and check in occasionally to make sure Google Play Protect is turned on.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.