A malicious actor recently smuggled 13 malicious apps disguised as driving simulator games into Google Play, resulting in more than 560,000 installations before they were removed.
Each of the sketchy apps was found to download and launch in the background an additional malicious APK, titled “Game Center.” This APK hides its own icon and displays ads whenever an infected device is unlocked, according to Lukas Stefanko, malware researcher at ESET, who revealed the scam in a series of tweets on Nov. 19.
The baker’s dozen of adware apps have “no legitimate functionality,” added Stefanko. They were all developed by “Luis O Pinto” and pretended to offer the experience of virtually driving sports cars, motorcycles, fire trucks and other assorted vehicles. Two of the apps were trending.
Stefanko said that he disclosed the issue to Google, and at least one news outlets has reported that Google has since banished the offending apps.
In the last two days, Stefanko has tweeted several more alerts of fake apps that were reported to Google Play, including nine malicious kids coloring apps that collectively were installed 23,000 times, and nine fake loan apps with over 40,000 downloads between them.