A bunch of racing games on the Google Play store were actually just malware
The games had been downloaded over 500,000 times before anything was done.
If you’ve recently installed a driving game from Google Play, you might be among the more than 500,000 users who downloaded malware from Google’s app store.
On Monday, Lukas Stefanko, a security researcher at ESET, tweeted details of 13 gaming apps on the Google Play store that were infected with malware. All of the apps posed as driving games, and all came from the same developer. Two of the apps were trending in the store, which gave them more visibility to unsuspecting users.
Over 580,000 installs of the malicious apps took place before Google yanked them from the storefront.
More info about the games and malware
The games all looked like innocuous truck or car driving games to anyone browsing the store. Once downloaded, they dashed expectations by appearing to be buggy apps that crashed every time they were opened.
That’s not what was actually happening, however. The app downloaded a payload from another domain and installed malware on the user’s phone. Then the app deleted its own icon, hiding it from view.
Don't install these apps from Google Play – it's malware.
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
— Lukas Stefanko (@LukasStefanko) November 19, 2018
What was the purpose of these malicious apps?
It’s not yet clear what the malicious apps were meant to do, and the malware scanners on VirusTotal do not agree on what the apps are actually infected with. We do know that the malware has persistence, which means it launches every time the Android device is started, and that it has full access to the device’s network traffic, which means the malware author can steal secrets.
Google spokesperson Scott Westover confirmed to TechCrunch that the apps “violated our policies and have been removed from the Play Store.”
In a week in which Tumblr had its official app removed from the iOS App Store, it’s clear that Google needs to step up its security efforts on the apps it allows into the Google Play store. Over 700,000 malicious apps were pulled by Google last year alone, and the problem shows no sign of slowing down.