Malicious apps downloaded from the Google Play Store over 600 million times in 2023
November 12, 2023

Cybersecurity firm Kaspersky revealed that, thanks to new and trickier techniques attackers are using to get past Google's security scanners, Android users downloaded malicious applications from the Google Play Store over 600 million times in 2023.

It's an impressive number, helped in part by the sheer number of apps in the Google Play Store (more than 3 million unique apps, according to Kaspersky), which makes reviewing each one in detail a mission impossible, even for a company like Google.

Not all malicious apps are dangerous from day one

Some malicious apps start their life on the store as legitimate apps, until at some point an update adds malicious features.

The first case that Kaspersky cites in its blog post is interesting because it shows how these apps end up installed on Android phones. The iRecorder app was first added to the Play Store in September 2021, and 11 months later, an update added the AhMyth trojan code, which caused the app to record through the microphone every 15 minutes on every phone it was installed on. The recordings were sent to the server of the creator of the malicious application.

By May 2023, when the iRecorder – Screen Recorder app was marked as malware, it had been downloaded 50,000 times. The iRecorder story illustrates how these apps pass Google's checkpoints: they start out as a simple application that does only what the developer claims. But after a while, an update delivers malware, and suddenly that harmless app you installed on your Android phone becomes dangerous.

Another strategy used by cybercriminals is to open multiple different Google Play accounts. That way, if Google removes an app with malware, a similar one can be uploaded to the Play Store from another account. As an example, Kaspersky describes three applications: Beauty Slimming Photo Editor, Photo Effect Editor and GIF Camera Editor Pro. This trio had 620,000 installs while containing the Fleckpe subscription Trojan.

Minecraft clones with adware have been downloaded 35 million times!

When these apps were opened on the phone, the malware was downloaded onto the device and would then open a browser window that the phone user could not see. The browser would be directed to sites offering paid subscriptions, and after intercepting the confirmation, the malware would register the device owner for paid subscriptions through their mobile account, which the app had access to.

One of the most widespread malware applications that came from the Google Play Store last year was SpinOk. About 200 infected applications were installed an incredible 451 million times. The apps were supposed to deliver mini-games that would pay out cash prizes to players. However, these apps actually collected user data and sent it to the hacker's server.

One thing you can do to protect yourself from installing malware is to check the comments section of the Google Play Store for every app from an unknown developer that you want to install. Forget about positive comments with high ratings, because they can be faked. Instead, check the negative comments with low ratings, as they are likely to give you a true picture of the app.