Malware-Laden Game Apps On Google Play Are Likely Affecting Half A Million Users
Malware-laden apps are nothing new for the Google Play store where Android users go to download apps of all sorts. Google has been heavily criticized over the years for not doing enough to prevent malicious apps from being offered to users via the Google Play Store. This year we have seen a malicious app masquerading as the official Uber app with the intent of stealing real Uber account details. North Korean hackers also created a data-stealing malware app in May with the goal of seeking revenge on defectors. Thirteen game apps were recently identified as being malicious, and together the apps had been installed by over half a million users.
The games were all driving simulators with one of them, called the Truck Cargo Simulator, being the number two game in the trending section of the Play Store. That game alone had racked up 100,000 downloads. The malicious apps were discovered by Lukas Stefanko, a security researcher at ESET. At the time Stefanko outed the apps as malicious, two of them were among the top trending games and altogether the 13 apps were installed over 580,000 times.
Don't install these apps from Google Play - it's malware.— Lukas Stefanko (@LukasStefanko) November 19, 2018
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
Google has confirmed that all 13 apps had been removed from the store since Stefanko announced the discovery via Twitter. Users who downloaded any of the games were greeted with an app that crashed each time the game launched. Behind the scenes, the apps installed malware and then deleted the app icon at the same time. Oddly, no one seems to know what exactly the malware does, however, it launched every time the Android device started and had "full access" to the device's network traffic and could have been used to steal confidential data.
Google spokesperson Scott Westover said that the apps, "violated our policies and have been removed from the Play Store." Google takes a vastly different approach to security than Apple does with the App Store. Apple actively checks each app it allows on the App Store before allowing users access to the apps (and even then, some malicious apps still slip through). Google does the opposite allowing any app to be made available on the Play Store and then removing them if they turn out to be malicious. The catch is that Google typically responds after huge numbers of downloads have been made, often after tens of thousands of user devices are infected. Google is reported to have removed 700,000 malicious apps from the Play Store last year.