More than a dozen apps that secretly contained malware were recently removed from the Google Play store, but not until after they received over half a million downloads.
According to Lukas Stefanko, a researcher for the cybersecurity firm ESET, the 13 apps—most of which claimed to be luxury car or truck driving simulators—showed no functionality, crashing and hiding their icons once launched. Nevertheless, two of the apps ended up in the trending section on Google Play prior to their removal.
Stefanko said there had been “560,000+ installs” of the apps before he identified the malware and although he isn’t sure of the exact nature of the software, he suggested to Forbes that they might be adware, which automatically clicks on content to drive up advertising revenues.
Developer Luiz O. Pinto made all of the apps, whose app page has since been removed from the Google Play store.
Is Google doing enough?
Stefanko told Forbes that Google could be better at protecting users from malware.
“Many times it would be simply enough to scan apps with antivirus software before uploading them on to Google Play,” Stefanko said. VirusTotal, which analyzes files and URLs for malware and other harmful software, is owned by Google and could ostensibly be used for the task.
Malware flourishing on Android
Millions of Android users have already been exposed to malware through the Google Play store. According to NDTV, 41 apps were found to contain the auto-clicking adware Judy last year, affecting between 8.5 million and 36.5 million Android devices. And in January, Google revealed that it removed 700,000 fraudulent or malicious apps from the Google Play store in 2017, a 70 percent increase over the year before.
If you suspect you have downloaded an app containing malware, you can find and delete it using your phone’s search feature. Likewise, you may want to download an antivirus program; as this latest incident proves, you can never be too safe.