Cybersecurity researchers discovered information-stealing adware and malware on the Google Play Store last month, with at least five apps still available and together amassing more than two million downloads.
Adware infections display unwanted advertisements that can be particularly intrusive, degrade user experience, drain battery, generate heat, and even cause unauthorized charges.
This software usually tries to hide itself by pretending to be something else on the host device and makes money for the remote operators by forcing the victim to view or click on affiliate advertisements.
However, information-stealing Trojans are far more nefarious, stealing login credentials for other sites you frequent, including your social media and online banking accounts.
Infiltration in the Google Play Store
Dr. Web antivirus analysts report that adware apps and data-stealing Trojans were among the top Android threats in May 2022.
At the top of the report are spyware apps that can steal information from other apps’ notifications, primarily to capture one-time 2FA passcodes (OTP) and take control of accounts.
Of the many threats that have managed to infiltrate the Google Play Store, the following five are still available:
- PIP Pic Camera Photo Editor – 1 million downloads, malware posing as image-editing software, but stealing its users’ Facebook account credentials.
- Wild and exotic animal wallpaper – 500,000 downloads, an advertising trojan that replaces its icon and name with “SIM Tool Kit” and adds itself to the list of battery saving exceptions.
- ZodiaHoroscope – Fortune Finder – 500,000 downloads, malware that steals Facebook account credentials by tricking users into entering them, supposedly to disable in-app ads.
- PIP Camera 2022 – 50,000 downloads, a camera effects app that also hijacks Facebook accounts.
- Magnifier Flashlight – 10,000 downloads, advertising application that serves videos and static banner ads.
Bleeping Computer has contacted Google to let them know about the above apps and to check if the existing versions have been cleaned up and resubmitted or are still as dangerous as described in Dr. Web’s report.
However, judging from recent user reviews, these apps still demonstrate malicious functionality and fail to deliver on their feature promises.
Other apps spotted by the Dr. Web antivirus team on the Play Store in May 2022 include a racing game, a deleted image recovery tool, a fake state clearing app targeting Russian users, and a “free access” application for the Only Fans platform.
These apps have since been removed from the Play Store, but users who installed them on their devices should remove them and run a full AV scan to root out any leftovers.
Hydra malware infiltration
Cyble researchers have also spotted the Hydra banking trojan on the Google Play Store, recently observed targeting banking customers in Europe.
The malware posed as a PDF document manager with text-scan-to-PDF and QR code features and amassed 10,000 downloads.
Cyble told Bleeping Computer that the malicious app was on the Play Store until June 9, 2022, but Google has since removed it.
However, the same PDF app is still available on third-party stores like APKAIO.com and APKCombo.com, so beware.