More than half a million Android users installed malware disguised as smartphone games, right from the Google Play store. Mainly posing as a driving game, the malware was found in as many as 13 apps, according to tweets from ESET security researcher Lukas Stefanko.
This is not the first time malware has made its way into Android applications. From the Android Monero-mining malware to the Android Facebook-hacking malware, the Loapi Android malware, and more, Google can’t seem to catch a break.
Stefanko’s tweets provided screenshots of the affected games, which were all made by the developer named Luiz Pinto. Before Google took the apps down, two had even reached Google Play store’s trending section, Stefanko added.
As demonstrated by Stefanko on Twitter, whenever a user opened the app, it appeared to crash. But in reality, the malware gave the attacker complete access to the Android device’s network traffic, which the hacker could use to steal information.
If you have already downloaded one of the apps, uninstall it immediately.
Users can also protect themselves from malicious apps with these four easy steps, according to Stefanko on WeLiveSecurity.
1. Only look at the number of app installations under the “Additional Information” section at the bottom of the page; that is the official download number on the Google Play site.
2. Google Play does not have the blue “verified” check mark symbol in its system. While it does have an “Editor’s Choice” badge, that will be located in the top right corner of the application’s Google Play page.
3. Read the app’s user reviews. Oftentimes, users who downloaded a fake app will leave a warning in the comments.
4. Lastly, if the app only has a small number of real downloads, or was added within the last few days, wait for other people to download it first and see if it’s real.
The big takeaways for tech leaders:
- More than 560,000 Android users downloaded malware disguised as smartphone games from the Google Play store.
- Two of the malicious apps ended up on the Play store’s trending section, putting them at even greater risk of being downloaded.