With a vast selection of over 3 million apps, Google Play stands as a massive and trusted digital marketplace. Yet a recent trend prompts users to question the effectiveness of Google’s efforts in curbing malware distribution. In 2023, a whopping 600 million downloads of malware occurred through the Google Play Store. Kaspersky reports highlight the various methods used by threat actors to distribute the malware.
First, the case of iRecorder, a screen-recording app that appeared harmless but was used to distribute malware to thousands of users. Initially introduced in September 2021, it garnered a user base of over 50,000 before an update in 2022. This update, discovered by security researchers in May 2023, turned the app into a silent eavesdropper, recording sounds from users’ microphones every 15 minutes and sending them to the developers’ servers. It’s a common pattern: an app starts harmless, builds a user base, and then a quiet update introduces malicious functionality.
Moving on, a group of seemingly harmless photo editing apps concealed a potent threat called the Fleckpe subscription trojan. This malware operates by deploying an obfuscated native library and running a malicious payload. The payload communicates with a command-and-control server and collects device information. It then subscribes the victim to a paid service by intercepting and utilizing confirmation codes from notifications. Meanwhile, users use the app’s real features without knowing they’ve been signed up for a paid service.
Two more deceptive cases unfolded with Chinese spyware apps disguised as file managers. Despite explicit claims of no data collection, they were collecting user data and sending it to servers in China. With 1 million and 500,000 downloads, respectively, these apps remained overlooked because they hid their desktop icons to evade detection and deletion.
The year 2023 witnessed a proliferation of adware, ranging from apps that sneakily loaded ads when smartphones were idle to those making deceptive promises of payouts for ad views. More than thirty different Minecraft clone apps harbored HiddenAds adware, which displayed hidden ads without user knowledge. A staggering 60 apps, amassing 100 million downloads, were infected with Goldoson adware, which opens web pages in the background to display ads and harvest user data.
The most alarming discovery of the year came when researchers stumbled upon a staggering 190+ apps, collectively amassing 450+ million downloads, infected with SpinOK malware. These apps, disguised as innocent mini-games with enticing cash rewards, covertly collected user data and sent it back to the attackers’ command-and-control server.
From draining batteries with concealed ads to actively stealing user data, the enormity of 600 million malware downloads on Google Play calls for a reassessment of security measures. Hopefully, Google will see this trend and allocate more resources to protecting users from downloading malware from Google Play.