Google is said to have removed 13 apps from Google Play after a security researcher found that the apps were installing malware on devices. More than half a million Android users have downloaded and installed malicious apps on their devices, the researcher claimed. The apps not only showed no legitimate functionality but also hid in the handsets to make it easier to install malware. Interestingly, two of these apps had also featured under the 'trending' section on the store. These apps, listed as car and truck driving simulations, are no longer available on the Play Store.
In a tweet, ESET security researcher Lukas Stefanko revealed details about the 13 malicious apps discovered in the Google Play Store. He claimed that these apps containing Android malware were downloaded over 560,000 times. Interestingly, all the apps listed a single developer named Luiz Pinto. These apps were essentially disguised as games, but did not work and rather crashed everytime a user tried to launch them. As mentioned, two of these apps are said to have featured in the Play Store's trending section before Google pulled them.
Some of these Android apps include a truck simulator, fire truck simulator, luxury car driving simulator among others, and the thumbnail images show graphics identical to most legitimate gaming apps. According to Stefanko, the discovered apps would hide themselves and their icons after users launched them. Also, they would be asked to install additional APK called 'Game Center', even though they did not have any legitimate functionality. The researcher has also posted some videos demonstrating how the apps would work.
It is not the first time that a huge number of Android users have been affected by malicious apps containing malware. Last year, an auto-clicking adware called Judy was discovered on 41 apps and said to have affected between 8.5 million and 36.5 million Android devices. Also, another botnet malware called FalseGuide had reportedly infected millions of Android devices via Google Play.