Google has a lot of moving parts behind the scenes, trying to keep malware off the Play Store. But with seven figures of apps posting and updating constantly, even it doesn’t have a perfect record. Such is the claim from a security researcher last week, who said they found ten apps with variations on a trojan horse program. The apps look fairly innocuous based on their titles and descriptions, but each is designed to scrape a user’s phone for Facebook login credentials.
Dr. Web Anti-Virus said that variations of the Trojan were detected in the following publicly available apps:
- PIP Photo by developer Lillians — 5,000,000+ downloads
- Processing Photo by developer chikumburahamilton — 500,000+ downloads
- Rubbish Cleaner by developer SNT.rbcl — 100,000+ downloads
- Horoscope Daily by developer HscopeDaily momo — 100,000+ downloads
- Inwell Fitness by developer Reuben Germaine — 100,000+ downloads
- App Lock Keep by developer Sheralaw Rence — 50,000+ downloads
- Lockit Master by developer Enali mchicolo — 5,000+ downloads
- Horoscope Pi by developer Talleyr Shauna — 1,000+ downloads
- App Lock Manager by developer Implummet col — 10+ downloads
The researchers alerted Google to their findings, and as of Monday morning, it looks like all the apps and developers have been removed from the Play Store. Even so, the Play Store’s basic metrics report that the apps were installed on approximately six million Android devices, on the low end. A similar app, “EditorPhotoPip,” had already been removed from the Play Store but was available on alternative download sites.
Dr. Web reports that all of the apps it found were fully functional for their advertised purpose, making them particularly effective as spyware. This serves as yet another lesson to keep your guard up, even when downloading “vetted” apps directly from Google.
Image credit: Kemal Hayit