Google puts malware in the Trending page in the Play Store - over half a million downloads as a result

GoodBytes

A series of malware has made it onto Google's Play Store, disguised as mobile games with attractive icons and screenshots. Some of them managed to reach the Trending page, allowing the malware to get over half a million downloads. These malware, disguised as games, were discovered by the security researcher Lukas Stefanko, from the security company ESET, and since it has reached the media, Google has finally taken the apps down.

 

NDTV reports:

Quote

Google is said to have removed 13 apps from Google Play after a security researcher found that the apps were installing malware on devices. More than half a million Android users have downloaded and installed malicious apps on their devices, the researcher claimed. The apps not only showed no legitimate functionality but also hid in the handsets to make it easier to install malware. Interestingly, two of these apps had also featured under the 'trending' section on the store. These apps, listed as car and truck driving simulations, are no longer available on the Play Store.


Some of these Android apps include a truck simulator, fire truck simulator, luxury car driving simulator among others, and the thumbnail images show graphics identical to most legitimate gaming apps. According to Stefanko, the discovered apps would hide themselves and their icons after users launched them. Also, they would be asked to install additional APK called 'Game Center', even though they did not have any legitimate functionality. The researcher has also posted some videos demonstrating how the apps would work.

 

As also noted by NDTV, this is not the first time Google has slipped malware into its Store. Last year, 41 malware managed to reach the store, affecting between 8.5 and 36.5 million people (the big range is because Google isn't sharing exact download numbers), and also, again last year, millions of users were affected by a botnet.

 

Quote

It is not the first time that a huge number of Android users have been affected by malicious apps containing malware. Last year, an auto-clicking adware called Judy was discovered on 41 apps and said to have affected between 8.5 million and 36.5 million Android devices. Also, another botnet malware called FalseGuide had reportedly infected millions of Android devices via Google Play.

Source: https://gadgets.ndtv.com/apps/news/google-pulls-13-android-apps-installed-over-500-000-times-containing-malware-report-1952366

 

How these fake games that don't even actually run pass Google's app store validation system is very surprising. Clearly, especially given that this is not the first time, Google's system is not working.

I mean, it is one thing if this was a game that managed to fool Google with hidden code. But here it doesn't even actually run (well, it does, in the background, infecting the user).


7 minutes ago, GoodBytes said:

How these fake games that don't even actually run pass Google's app store validation system is very surprising

what validation? as someone who has uploaded to Google play store (but deleted it due to me realising i done goofed with collisions and such) i know all you do is pay the $25 for a dev account and upload your game.... no validation just a one time payment of $25 and a bunch of forms to fill out for EVERY game


14 minutes ago, iLostMyXbox21 said:

what validation? as someone who has uploaded to Google play store (but deleted it due to me realising i done goofed with collisions and such) i know all you do is pay the $25 for a dev account and upload your game.... no validation just a one time payment of $25 and a bunch of forms to fill out for EVERY game

??????????????????????????????


google is known for not giving a shit about its play store, they put stuff on the front page based on how much money the developer offers them. this is why i search for game/app recommendations in other locations (like reddit) then search for them specifically in the app store so i know i'm getting the right one


1 minute ago, Arika S said:

 

google is known for not giving a shit about its play store, any of their products

 

Fixed that.


1 hour ago, James Evens said:

why is this news? an app managed to get enough attention and optimization that an algorithm AI decided to promote it

Oh wait it was again one of those antivirus-selling company blogs and media love these stories. Just like the random warning for malware attacks on refrigerators by the BSI president (Germany).

13 apps (well, supposedly games), 2 reached trends, and that is just 1 case.

As mentioned, other apps made it in the past as well. This is NOT a one-off event... this is a recurring issue which Google has little to no interest in fixing or even improving. They always make no claims, say nothing besides removing the apps, and hope the story is quickly forgotten, as if having these apps removed is already a big favor being asked of the company. That is the issue. Google does not take security of the devices running its own OS seriously.


Google looking for a Sandbox environment for apps to run in*


I was curious about the apps and the source link didn't disappoint

 

[image]

 

So yeah, it was "these kind".  You know what they're like and what I'm talking about if you've ever seen one played, and the style is distinctive so it's not hard to tell when it's one of "those".  Idk who these are fooling, even if they weren't malware they're shit so how they managed to get 500M downloads is beyond me.

 

These things are a dime a dozen and clutter the store.  Just look at the racing section right now:

[image]

 

Odds are some of these are actually good and maybe not even malware (in fact I know that for a fact), but the majority... *sigh*

 

I'm not at all surprised people were fooled into thinking these were more of the same, I'm baffled that so many people "play" these in the first place.


Does this mean I should stop randomly installing games based on the pictures?

 

 

 

 

 

 

 

 

 

/s


One thing that Apple does great at is maintaining a safe platform. I wish Google would buck their ideas up and do something about Android.


and that's why I use F-Droid.

Google should do like Steam and have the front page be tailored to users' preferences, and just like Steam let people set their own blacklist.

Bonus points if blacklists can be shared


Is there any evidence that Google actually put these apps there or is that just trending doing what trending does and automatically putting popular apps in the list?


5 minutes ago, Nicnac said:

quasi-immune

Which translates to: just as vulnerable as any normal shitty OS like Android or Windows.

 

If you need security you need mainframe style, secure by design software, with hardware root of trust. Consumer products generally don't have those features.


Just now, Amazonsucks said:

Which translates to: just as vulnerable as any normal shitty OS like Android or Windows.

 

If you need security you need mainframe style, secure by design software, with hardware root of trust. Consumer products generally don't have those features.

I'd say an Apple user is more "guarded" in Apple's ecosystem. Of course if you are actively looking for shit on the web and downloading it you can probably get every device infected but especially for not that tech-savvy people it's harder to have their iPhone hacked than their Android phone which isn't to say it's not possible at all. All depends on what level of security we are talking. After all no one is safe :P


5 minutes ago, Nicnac said:

I'd say an Apple user is more "guarded" in Apple's ecosystem. Of course if you are actively looking for shit on the web and downloading it you can probably get every device infected but especially for not that tech-savvy people it's harder to have their iPhone hacked than their Android phone which isn't to say it's not possible at all. All depends on what level of security we are talking. After all no one is safe :P

What XcodeGhost proved is that Apple's walled garden approach is just as insecure as Google Play though...

 

Apple users have the false sense of security that the walled garden works but people who deal with cybersecurity issues should know better.


25 minutes ago, Amazonsucks said:

What XcodeGhost proved is that Apple's walled garden approach is just as insecure as Google Play though...

 

Apple users have the false sense of security that the walled garden works but people who deal with cybersecurity issues should know better.

Basically anything connected to the internet is vulnerable, nothing is safe. 


Headline is misleading. Google didn't put it there. It implies Google approved of or knowingly put malware infected apps on the store's trending page. In reality it's the same algorithm problem as per usual.

5 hours ago, DrMacintosh said:

Google looking for a Sandbox environment for apps to run in*


Android is sandboxed.


8 hours ago, Ryan_Vickers said:

I was curious about the apps and the source link didn't disappoint

 

[image]

 

So yeah, it was "these kind".  You know what they're like and what I'm talking about if you've ever seen one played, and the style is distinctive so it's not hard to tell when it's one of "those".  Idk who these are fooling, even if they weren't malware they're shit so how they managed to get 500M downloads is beyond me.

  

These things are a dime a dozen and clutter the store.  Just look at the racing section right now:

[image]

 

Odds are some of these are actually good and maybe not even malware (in fact I know that for a fact), but the majority... *sigh*

 

I'm not at all surprised people were fooled into thinking these were more of the same, I'm baffled that so many people "play" these in the first place.

These clones are also plaguing the iOS App Store as well and hiding the actual good car games like Assoluto. Probably mostly played by children as their physics are a joke and the gameplay is practically nonexistent. My guess is that there is some sort of asset in Unity that these """Developers""" keep flipping.


So, "Play Protect" doesn't seem to do anything apparently... Use a proper antivirus. They are not CPU or battery intensive anyway.


14 minutes ago, RejZoR said:

So, "Play Protect" doesn't seem to do anything apparently... Use a proper antivirus. They are not CPU or battery intensive anyway.

Since Play Protect, the 3 times weekly malware news fell off drastically. This is the first I heard of in a bit. Play Protect is doing its job. No AV is bulletproof but I am not sure when Play Protect kicks in or how often.
