How cybercriminals use common apps on Google Play to spread malware

Cybercriminals have developed a number of techniques to sneak malicious apps onto Google Play store to spread malware. These apps include photo editing apps, file managers, games, music and video players, call recording apps as well as health tracking apps

Updated - November 15, 2023 11:43 am IST

Published - November 15, 2023 11:17 am IST

Cybercriminals have developed a number of techniques to sneak malicious apps onto Google Play store to spread malware.

Cybercriminals have developed a number of techniques to sneak malicious apps onto Google Play store to spread malware. | Photo Credit: Reuters

Google Play is home to more than three million unique apps, most of which get updated regularly to update security patches and implement changes. However, cybercriminals have found ways to make use of these periodic updates to sneak malicious apps onto Google Play.

In 2023, apps with malicious codes were found to have been downloaded more than 600 million times on Google Play, Kaspersky shared in a blog post.

Some of the commonly downloaded apps that contain malware include photo editing apps, file managers, games, music and video players as well as health tracking apps.

The malware in these apps has been found to not just hide adware, but also track users’ location, cellular operator information, load spyware, record voice, and other sensitive user information.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

How threat actors post malicious apps on Google Play?

Cybercriminals create multiple developer accounts to upload apps on Google Play. Through these accounts they upload seemingly unremarkable apps with simple functionality and no malicious code to ensure they are able to sail through Google’s moderation checks. Once the app is downloaded by a sizeable audience, cybercriminals add malicious functionality in the app through an update.

An example of this is seen in the case of iRecorder app, which when uploaded to Google Play in 2021 was able to get past Google’s moderation checks as it did not contain any malicious code. However, once the app garnered close to 50,000 downloads, threat actors updated the app with malicious functionality, allowing the app to record sound from the device’s microphone every 15 minutes and sending it to a server of the app creators.

Threat actors have also been found to have made use of multiple developer accounts to ensure that they can continue uploading malicious apps if one of their accounts is blocked by the moderators.

From signing up for subscriptions to data mining, malicious apps do it all

Malicious codes in apps can be used to access sensitive user data including files, photos, videos and device’s location and cellular information. Such apps have also been found to sign up the user’s cellular operator account to pay for subscriptions for needless services.

This tactic was found to have been used by several apps including photo editor apps, GIF camera apps, that collectively had 620,000 downloads as of 2023, according to a blog post from Kaspersky.

Malicious file manager apps on Google Play have also been found to make use of spyware to collect cellular network, photos, audio and video files, and more hat was transmitted to servers in China.

Cybercriminals were also found to use malware to load adware on devices when the smartphone’s screen was off. These adwares were found to have impacted 43 apps including TV/DMB Player, Music Downloader, News, and Calendar apps. Similar adware was also used to infect clones of the popular game Minecraft with 38 clones of the game being downloaded some 35 million times.

Scam apps promise rewards

Scam apps promising rewards in lieu of either downloading other apps or completing tasks including completing a designated number of steps or posting reviews for eateries, and viewing ads were found to target users. These apps would either lure users with fake promises of rewards on small payments or completing tasks to spend bigger amounts after which scammers would either block the user or stop responding to requests for payments.

A study in 2023 found that such scam app on Google Play had garnered more than 20 million downloads collectively.

How to guard against malware infected apps on Google Play

While malware in apps on Google Play is far more common than users might anticipate. There are certain measure users can take to reduce the risks posed by such apps.

Users should carefully check an app’s details, including the details of the publisher to ensure they are genuine. It’s not unusual for cybercriminals to clone popular apps and place them on Google Play under similar names, icons, and descriptions to lure users.

Users should also avoid downloading apps just because they have good ratings. Often cybercriminals inflate the ratings of an app to lure more users into downloading them. Instead, users should focus on the overall reviews of the app before downloading, especially the negative reviews to ensure they are well versed with the problems faced by other users.

Avoiding downloading apps that are not verified by Google is also a good way to ensure security. However, in case users want to download unverified apps, it is best to go through the details of the data collected by the app, the app description and the developer page. These may have signs like typing errors or signs of hastily put together descriptions pointing to whether the app is genuine or a façade to push malware.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.