60 Million Android Users Infected By Malicious Vapor App Threat On Google Play
The cat-and-mouse game between Google and hackers continues; many hackers upload applications daily. However, Google has some security measures in place to help identify apps that are laden with viruses. If this is the case, how do users still download malicious apps from the Play Store? The cybersecurity company provided two major answers.
Just as technologies like AI and machine learning evolve each day, bad actors create smarter and more complex ways to launch cyberattacks. Sometimes, these actors devise ways to circumvent Google Play's built-in protection and upload malicious apps. Users, in turn, get the malware installed on their phones after downloading the apps. Other times, hackers will upload a safe app to the Play Store, but after the app is approved and available for download, bad actors will embed hidden malware.
Attackers sometimes take advantage of these ad fraud campaigns to generate revenue. Other times, they compromise users' devices through phishing attacks. This enables attackers to steal victims' personal information, including their credentials, and also helps them tailor future attacks to the specifications of users' devices.
Over 330 malicious applications deployed in this ad fraud campaign have been identified in the App Store. Over 180 were identified by IAS Threat Lab while Bitdefender reported the others. These security companies have pointed out these apps to Google, and Google has removed most of them, although when Bitdefender compiled its security research it noted that 15 out of the 331 apps are still on the Play Store.
This is not the first time malware-embedded applications have been identified on the Play Store; we reported on some similar cases a few weeks ago. Hence, your app isn't safe simply because you downloaded it from the App Store. You should be wary of apps that show excessive ads and request unnecessary permissions, as granting them could make your device vulnerable to hackers. If you're particularly lackadaisical, you may want to consider a more effective mobile security solution that can help detect abnormal app behaviors.
Also, the security reports from the two cybersecurity companies have emphasized the need for Google to strengthen its security measures to better protect users from compromising their smartphones with apps downloaded from "official source."
