A recent investigation revealed that Google Play, the official app store for Android, distributed more than 200 malicious applications over a year.

These apps, which were downloaded nearly 8 million times, were identified by threat intelligence researchers at Zscaler between June 2023 and April 2024. The research uncovered various malware families present both on Google Play and other distribution platforms.

Among the most common threats found on the platform are:

  • Joker (38.2%): An info-stealer that also intercepts SMS messages and subscribes users to premium services without their knowledge.
  • Adware (35.9%): Applications that drain internet data and battery by displaying intrusive ads or running invisible ads in the background, generating fraudulent ad impressions.
  • Facestealer (14.7%): A type of malware that targets Facebook accounts by overlaying phishing forms on legitimate apps to steal login credentials.
  • Coper (3.7%): This malware intercepts SMS messages and performs keylogging while also overlaying phishing pages on top of legitimate apps.
  • Loanly Installer (2.3%) and Harly (1.4%): Trojan apps that subscribe victims to premium services.
  • Anatsa (0.9%): Also known as Teabot, this banking trojan targets more than 650 banking apps worldwide.

Earlier in May, the same team of researchers reported over 90 malicious apps on Google Play, with a combined download count of 5.5 million. Despite Google’s robust security mechanisms, threat actors have developed methods to bypass these systems. One method, called “versioning,” involves delivering malware through updates or remotely loading it from an attacker-controlled server.

Some malware campaigns have been particularly successful. For instance, the Necro malware loader was downloaded 11 million times through just two apps on the Google Play Store, and Goldoson malware was detected in 60 legitimate apps, accumulating 100 million downloads.

While Google Play remains a critical distribution point, threat actors continue to find ways to infiltrate the platform. Nearly half of the malicious apps identified by Zscaler ThreatLabz were published under categories like tools, personalization, photography, productivity, and lifestyle. Despite these challenges, Zscaler’s analysis shows a slight decline in overall malware activity, with 20 million malware blocks recorded throughout the study period.

In terms of specific threats, spyware infections surged, driven by families like SpyLoan, SpinOK, and SpyNote. The most affected regions included India, the United States, Canada, South Africa, and the Netherlands. The education sector saw the highest increase in mobile malware attacks, with blocked transactions rising by 136.8%.