The assault on Google’s Play Store continues with 30 malicious apps being revealed that have been downloaded hundreds of millions of times and having capabilities that have caused security firms suggesting end users take extraordinary steps to vet software prior to downloading.

VPNpro and Trend Micro made public 24 and four apps, respectively, that are either capable of downloading further malware or conducting ad fraud and in some cases can post fake information to the Play Store to make them appear more desirable.

The apps found by Trend Micro, detected as AndroidOS_BadBooster.HRX, have the ability to inject 3,000 different types of malware and perform ad fraud on a targeted device. The apps, which have been downloaded 470,000, pose as performance and productivity tools, hide in plain sight by not appearing either on the desktop or in the application list. When in ad fraud mode the malware not only posts ads to the mobile device, but also clicks on them to generate income for the advertiser.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.