Google Removes 13 More Malicious Android Apps From Google Play

Google has removed 13 malicious Android apps masquerading as games in Google Play, after it emerged they were capable of executing unauthorised commands and code difficult to remove.

The applications in question contained malware similar to that included in two other malicious apps, both called Brain Test, which were removed by Google in September. Each instance of the app was downloaded up to 500,000 times and between 200,000 and 1 million Android users were impacted.

The primary purpose of the malware is to download other applications so those behind the activity could guarantee a minimum number of installs to other developers.

Android malware

However, security experts at Lookout said the structure of the apps and its capabilities mean they could also be used for more sinister activities. A factory reset is not enough to remove the malware, with a re-flashed ROM from the device manufacturer mentioned as the only option.

Lookout identified a number of applications that looked like they had been written by the same developer as Brain Test in October and in December found that one called Cake Tower received an update that allowed it to perform many of the same functions.

It appears as though the developers had spent the previous two to three months testing what titles and techniques they could use to get applications on Google Play without detection, before activating the sleeping software.

The 13 apps were described as games, with names like Jump Planet, Crazy Jelly and the aforementioned Cake Tower, with high ratings and numerous downloads. Lookout said the reason behind the high ratings can be attributed to the fact that infected devices were submitting reviews and because the games were actually fun to play.

Cake Tower was downloaded between 10,000 and 50,000 times and had a rating of 4.5 after 23,175 reviews, while another, Honey Comb, was downloaded up to one million times and had a rating of 4.5 following 79,878 submissions.

Fake apps

Google was notified about the applications and they were removed “promptly”, according to Lookout, which said this type of activity to guarantee downloads was nothing new, it was concerning that so many apps were able to get onto the marketplace.

“What differentiates this particular situation, though, is the delivery mechanism: where PC malware is typically served through misleading advertisements or drive-by-downloads, this malware made it onto a mainstream app store, and in some cases, obtained over 500,000 downloads and an average 4.5 rating before removal,” said Lookout.

“While it’s definitely true that users are considerably safer when downloading only from a mainstream source like the Google Play Store, we recommend users remain cautious and use additional security software to ensure the safety of their device.”

The presence of dodgy software on Google Play has long been a security concern, with many posing as games and other apps, performing hidden functions, harvesting user details and contacting premium rate phone numbers. However even the walled garden of the App Store isn’t immune from infections.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

10 hours ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

10 hours ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

11 hours ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

11 hours ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

12 hours ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

12 hours ago