All 9 malicious apps were found on Google Play Store.
In recent news, a research team of malware analysts from Dr. Web has uncovered several Android apps that were pretending to be harmless photo editing, app locker, rubbish cleaner, fitness program, and astrology program apps. But in reality, these apps were secretly stealing the users’ login credentials.
In total, 10 of these Trojan apps were found, 9 of which were available on Google Play.
Google intervened to remove these nine apps from the Play Store, but by the time they were removed, they had already been installed more than 5.8 million (5,856,010) times.
These apps prompted users to enter their Facebook login details to access all of the apps’ functions and, allegedly, to disable in-app ads.
The trojanised applications then exfiltrated the stolen information to a server.
The list of apps and the numbers of times they have been installed are as follows:
- App Lock Manager – 10 installs
- Horoscope Pi – 1,000 installs
- Lockit Master – 5,000 installs
- App Lock Keep – 50,000 installs
- Inwell Fitness – 100,000 installs
- Horoscope Daily – 100,000 installs
- Rubbish Cleaner – 100,000 installs
- Processing Photo – 500,000 installs
- PIP Photo – 5,000,000 installs
“The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions,” the researchers from Dr. Web stated in their blog post.
Watch out for malware on the Play Store
Although Google Play Store is home to millions of apps, it is also a breeding ground for malicious apps. In fact, nasty malware such as Joker, AlienBot Banker, and TeaBot has already infected millions of unsuspecting Android users worldwide.
Avoid downloading unnecessary apps
This discovery only shows how many scams and fraudulent apps exist on Google Play Store and how easy it is to fall into the trap of scammers, which is why people are better off only downloading apps from known and trusted developers.
Moreover, you should properly consider what kind of permissions you grant to the apps that you use and carefully go through the user reviews of apps before installing them.
Google removes malicious apps
Google has taken note of this issue and subsequently announced new measures for the Play Store: any developer who wants to publish an app must first turn on 2-Step Verification (2SV) for their account, provide an address, and verify their contact details.