Google Removes 13 More Malicious Android Apps From Google Play

Google has removed 13 malicious Android apps masquerading as games in Google Play, after it emerged they were capable of executing unauthorised commands and code difficult to remove.

The applications in question contained malware similar to that included in two other malicious apps, both called Brain Test, which were removed by Google in September. Each instance of the app was downloaded up to 500,000 times and between 200,000 and 1 million Android users were impacted.

The primary purpose of the malware is to download other applications so those behind the activity could guarantee a minimum number of installs to other developers.

Android malware

However, security experts at Lookout said the structure of the apps and its capabilities mean they could also be used for more sinister activities. A factory reset is not enough to remove the malware, with a re-flashed ROM from the device manufacturer mentioned as the only option.

Lookout identified a number of applications that looked like they had been written by the same developer as Brain Test in October and in December found that one called Cake Tower received an update that allowed it to perform many of the same functions.

It appears as though the developers had spent the previous two to three months testing what titles and techniques they could use to get applications on Google Play without detection, before activating the sleeping software.

The 13 apps were described as games, with names like Jump Planet, Crazy Jelly and the aforementioned Cake Tower, with high ratings and numerous downloads. Lookout said the reason behind the high ratings can be attributed to the fact that infected devices were submitting reviews and because the games were actually fun to play.

Cake Tower was downloaded between 10,000 and 50,000 times and had a rating of 4.5 after 23,175 reviews, while another, Honey Comb, was downloaded up to one million times and had a rating of 4.5 following 79,878 submissions.

Fake apps

Google was notified about the applications and they were removed “promptly”, according to Lookout, which said this type of activity to guarantee downloads was nothing new, it was concerning that so many apps were able to get onto the marketplace.

“What differentiates this particular situation, though, is the delivery mechanism: where PC malware is typically served through misleading advertisements or drive-by-downloads, this malware made it onto a mainstream app store, and in some cases, obtained over 500,000 downloads and an average 4.5 rating before removal,” said Lookout.

“While it’s definitely true that users are considerably safer when downloading only from a mainstream source like the Google Play Store, we recommend users remain cautious and use additional security software to ensure the safety of their device.”

The presence of dodgy software on Google Play has long been a security concern, with many posing as games and other apps, performing hidden functions, harvesting user details and contacting premium rate phone numbers. However even the walled garden of the App Store isn’t immune from infections.

Are you a security pro? Try our quiz!