Over 2,000 malicious apps exists on Play Store

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year-study by the University of Sydney and CSIRO’s Data61 has come to the conclusion that there are at least 2,040 counterfeit apps on Google Play Store. Over 2,000 of those apps impersonated popular games and had malware. The paper, a Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps, was presented at the World Wide Web Conference in California in May documenting the results.

The study shows that there is a massive number of impersonated popular gaming apps available on Play store. They include fake versions of popular games such as Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million apps on Google Play Store, available in Android, and identified a set of potential counterfeits for the top 10,000 apps.

Counterfeit apps impersonate popular apps and try to misguide users`. “Many counterfeit apps can be identified once installed. However, even a tech-savvy user may struggle to detect them before installation,” the study says.

It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences like financial losses or identity theft,” reads a blog post by the university.

The study also found that 1,565 asked for at least five dangerous permissions and 1407 had at least five embedded third-party ad libraries.

To investigate these applications on Google Play store the researchers used neural networks.

Google has acknowledged the problem of “malicious apps and developers” in a blog post by Google Play product manager Andrew Ahn on February 13, 2019.

According to Google, the company now removes malicious developers from Play store much faster when compared to previous years. The company says that in 2018 it stopped more malicious apps from entering the store than ever before.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play.”

Pre-installed Android Apps Invade Privacy; Situation Still Out Of Control



Recent studies have provided evidence as to the role the pre-installed android application play in the breach of privacy of users.


Google doesn't seem to be paying enough attention on the issue which concerns security.

Heavy security checks are required of them as similar to the checks done for play store versions of the applications.

According to an independent study led by a group in Spain, personal information could be harvested by these pre-installed applications.

A well-known institute of Madrid IMDEA Institute and Stony Brook University checked out the pre-installed apps on the android devices from over 2700 users, over 1700 devices from around 200 vendors all across 130 countries.

The study didn't go deeper about the EU's General Data Protection Regulation laws and the difference they would make.




Android is a highly customized operating system despite its being owned by Google. This includes the packaging of other applications with the operating system before they are delivered to other users.

As per the aforementioned study, a potential threat to users' privacy prevails by the hands of  the infamous pre-installed apps which never undergo the security checks that the other downloaded apps do.

As usually is the case, pre-installed applications could never be uninstalled and aren't even subject to the severe security checks which are a must to keep the users safe.

It was implied by the co-author of the study that apparently no one keeps track of what the pre-installed applications do. There is a major lack of transparency and regulation.

In reply to all of this, Google said that it provides tools to equipment manufacturers which ensures that Google's  privacy and security standards aren't hampered. 

One of Google's spokespersons also mentioned that clear policies regarding the pre-installed applications are given to their partners also that information related with potential hazards is regularly disseminated to them.

The issue of the pre-installed apps has caught fire quite heavily now. A US department of Justice dug into Facebook. Partnerships are also being looked into.


Google to shut down Google+ and Inbox on April 2





After its social media website Google+, the company has announced that they are now shutting down its Inbox app.

Google will start notifying all its users about the closure of its Inbox from March 18th through a pop-up screen that will pop up every time users will be on the app.

The notification will also include a link to the Gmail app to ensure that it does not disappoint its users. Gmail has recently updated its app with new eye-catching features like Smart Reply, Smart Compose, and Follow-ups.

Now, it is really difficult to find Inbox by Gmail on the Google Play Stores.

The notification released by Google reads:
“This app will be going away in 13 days,” the alert reads. “You can find your favorite inbox features in the Google app. Your messages are already waiting for you.”

While on their official website Google said:

“Inbox is signing off. Find your favorite features in the new Gmail. We are saying goodbye to Inbox at the end of March 2019. While we were here, we found a new way to email with ideas like snooze, nudges, Smart Reply and more. That’s why we’ve brought your favorite features to Gmail to help you get more done. All your conversations are already waiting for you. See you there.”

Malicious Android Adware Infects Approximately 200 Apps on Play Store



 A monstrous adware campaign nicknamed "SimBad" was found to be in around 206 applications on Google Play Store, known to have been downloaded roughly 150 million times. Since most of them are simulation type games, thus the term 'SimBad' has been coined.

The designers of the applications may not be entitled totally to the blame as they also may have been baited by false promises. They may have not understood that they were utilizing a promotion related software development kit or SDK whose reason for existing is to install adware on devices.

Once an application infected by SimBad gets downloaded, the adware registers itself on the system with the goal that it can keep running on boot and from that point onwards, it can perform activities like opening a browser page to phish user information, open an application store including Google Play Store (to be specific) potentially malicious application, or even download and install an application in the background.

As per Security outfit Check Point, the applications perform different malicious behavior that the user's need to be wary of, including:
  1. Showing ads outside of the application, for when the user unlocks their phone or uses other apps.
  2. Constantly opening Google Play or 9Apps Store and redirecting to another particular application, so the developer can profit from additional installations.
  3. Hiding its icon from the launcher in order to prevent uninstallation.
  4. Opening a web browser with links provided by the app developer.
  5. Downloading APK files and asking the user to install it.
  6. Searching a word provided by the app in Google Play.

As a matter of fact, SimBad is less appalling than other malware that got away from Google's notice however it does as of now can possibly accomplish more harm as, according to Checkpoint, "SimBad' has abilities that can be divided into three groups namely - Show Ads, Phishing, and Exposure to other applications.

Keeping in mind the user privacy, Google has officially brought down the infected applications and will doubtlessly add the adware strain to Google Protect’s AI.


Google’s security program has caught issues in 1 million apps in 5 years

Security is a common concern when it comes to smartphones and it has always been especially important for Android. Google has done a lot over the years to change Android’s reputation and improve security. Monthly Android security patches are just one part of the puzzle. Five years ago, the company launched the Application Security Improvement Program. Recently, they shared some of the success they’ve had.

First, a little information on the program. When an app is submitted to the Play Store, it gets scanned to detect a variety of vulnerabilities. If something is found, the app gets flagged and the developer is notified (above). Diagnosis is provided to help get the app back in good standing. Google doesn’t distribute those apps to Android users until the issues are resolved.

Google likens the process to a doctor performing a routine physical.

Google recently offered an update on its Application Security Improvement Program. First launched five years ago, the program has now helped more than 300,000 developers fix more than 1 million apps on Google Play. In 2018 alone, it resulted in over 30,000 developers fixing over 75,000 apps.

In the same year, Google says it deployed the following six additional security vulnerability classes:

▬ SQL Injection

▬ File-based Cross-Site Scripting

▬ Cross-App Scripting

▬ Leaked Third-Party Credentials

▬ Scheme Hijacking

▬ JavaScript Interface Injection

The list is always growing as Google continues to monitor and improve the capabilities of the program.

Google originally created the Application Security Improvement Program to harden Android apps. The goal was simple: help Android developers build apps without known vulnerabilities, thus improving the overall ecosystem.

Google understands that developers can make mistakes sometimes and they hope to help catch those issues for years to come. Security will continue to be a big talking point as technology evolves. It’s important for users to be able to trust the apps on their phones.

A Trojan App on Google Play Store Stealing Users Sensitive Data





Cyber security specialists at Cisco Talos have discovered a malware denominated as GPlayed, a Google Play Market Place application that is indistinguishable to the design of Google Play store icon and other subsidiary applications. GPlayed is capable for deceiving users into installing it on their Android phone and lose sensitive data to hackers.

This issue is a risky one as clueless many gullible users may install the app. on the given that it is a reliable one indeed and wind up paying a "heavy price".

This dangerous Trojan malware in spite of the fact that isn't yet live on the Google Play store yet is capable of and even transmitting Visa or bank details present in the phone and furthermore swing in to fulltime spyware equipped for following victim’s locations.

"What makes this malware extremely powerful is the capability to adapt after it's deployed. In order to achieve this adaptability, the operator has the capability to remotely load plugins, inject scripts and even compile new .NET code that can be executed," Cisco Talos report said.




Adding further they said that their analysis indicates that this Trojan is in its testing stage but given its potential, every mobile user should be aware of GPlayed. As mobile developers have recently begun eschewing traditional app stores and instead want to deliver their software directly through their own means. But GPlayed is an example of where this can go wrong, especially if a mobile user is not aware of how to distinguish a fake app versus a real one.

In spite of Google taking strict measures to control the stream of Android malware to the Play app store, it can't recognize Trojan malware covered up in authentic applications. General Android application users are thus advised to be cautious in installing, such resembling phony Google applications.


Over 145 Malicious Android Apps Discovered On the Google Play Store




Researchers from the security software company Palo Alto Network made an alarming disclosure in regards to certain applications accessible on the Google Play Store esteeming them to be defected with malware for stealing information from the Windows Computers.

These 145 applications, with names, "Gymnastics Training Tutorial ", "Modification Trail" and " Learn to Draw Clothing” were uploaded to Google Play between October 2017 and November 2017 and remained there until the point when Palo Alto Networks made Google aware of this issue.

Many of these applications have been downloaded over a thousand times and even 4-star ratings purportedly from individuals who utilized them.

"We have reported our findings to Google Security Team and all infected apps have been removed from Google Play,"

In any case, the fact that these infected applications are very easily accessible on the official Google Play Store is for sure concerning. Additionally, it demonstrates that the software developer ‘odieapps’ isn't sufficiently paying enough consideration to the security part of the applications.

 This by a long shot though isn't the first run through Google has needed to expel the malware-loaded applications from Play, which is by and large thought about as the most secure hotspot for Android applications.

 “These embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform. The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware.”  - Palo Alto Networks said in a blog post.

Also in the most recent two years alone, various security vendors have discovered a huge number of Android applications released to Google Play corrupted with adware, spyware and different vindictive payloads and much like for this situation where these applications were downloaded countless of times before being hailed as hazardous and finally expelled from the Play store.

An analysis of the malware code proposes that the developers of the compromised applications may have built up the applications on infected Windows machines and incidentally exchanged the pernicious code in their Android applications to the Play store.

Had the malware apparatuses functioned as proposed they would have been equipped for recording the mobile device user's keystrokes and thusly steal information, like the passwords, social security numbers, payment card data as well as other important and significant information, says the Palo Alto Networks.

Nevertheless the capacity of enemies just to get their malware past the Play store's defenses poses a tough challenge for Google indeed and as well for the countless users that download their applications from it.


Anubis Malware Re-Emerges Yet Again; Hackers Distributing It via Google Play Store





The Anubis banking malware arises once more with the threat actors allocating the malware on Google Play store applications keeping in mind the end goal to steal login credentials to banking apps, e-wallets, and payment cards.

Hackers are constantly known for finding better approaches to sidestep the Google play store security as well as ways to distribute the malware through Android applications that will additionally go about as the initial phase in an "infection routine" schedule that gets the BankBot Anubis mobile banking Trojans by means of C&C server.

Users as often as possible get tainted once they download and install the malevolent applications via the Google play store, despite the fact that the play store security investigates , all the applications that are transferred into Google Play, cybercriminals dependably execute the most complex and obscure strategies to evade the detection.

Researchers as of late discovered anew downloader’s in-app store that connected with Anubis banking malware. This campaign is known to contain no less than 10 malevolent downloaders masked as different applications. All the Downloader disseminated through Android applications is known to get in excess of 1,000 samples from the criminal's command-and-control (C&C) servers.

“In most Android banking Trojans, the malware launches a fake overlay screen when the user accesses a target app. The user then taps his or her account credentials into the fake overlay, which allows the malware to steal the data. BankBot Anubis streamlines this process.”

Cyber criminals transferring applications into Google play store influence it to resemble a live authentic one; they compromise the clients by controlling them to trust that they are giving an "expertise" as a service.

The researchers likewise found that these malignant play store applications that acted like the authentic ones, for the most part focus on the Turkish-speaking clients and the downloader applications in this specific crusade were intended to address Turkish clients just with a couple of various botnets and configurations.

All these applications are transferred to various categories, for example, online shopping to money related services and even an automotive app.

As indicated by an analysis by the X-Force, the adjustments in the downloader application propose that it is being kept up on a progressing premise, another sign that it is a ware offered to cybercriminals or a particular gathering that is centered on swindling particularly the Turkish mobile banking users.

Once the noxious downloader is effectively installed into the victims Android then the app brings BankBot Anubis from one of its C&C servers. The BankBot Anubis malware forces clients to concede the consent by acting like an application called "Google Protect." 

This accessibility will go about as a keylogger getting the infected user's credentials from infected users mobile.

BankBot Anubis is known to target users in numerous nations also for example, Australia, Austria, Azerbaijan, Belarus, Brazil, Canada, China, Czech Republic, France, Georgia, Germany, Hong Kong, India, Ireland, Israel, Japan Kazakhstan, Spain, Taiwan, Turkey, U.K. as well as U.S.