Google has a lot of moving parts behind the scenes trying to keep malware out of the Play Store. But with a seven-figure number of apps published and constantly updated, even it doesn’t have a perfect record. That was the claim last week of a security researcher, who said he found ten apps carrying variants of a Trojan horse program. The apps look harmless enough based on their titles and descriptions, but each is designed to grab Facebook login information from a user’s phone.
Dr. Web Anti-Virus has stated that variants of the Trojan have been detected in the following public applications:
- Photo PIP by developer Lillians – 5,000,000+ downloads
- Photo processing by developer chikumburahamilton – 500,000+ downloads
- Garbage Cleaner by developer SNT.rbcl – 100,000+ downloads
- Daily Horoscope by developer HscopeDaily momo – 100,000+ downloads
- Inwell Fitness by developer Reuben Germaine – 100,000+ downloads
- App Lock Keep by developer Sheralaw Rence – 50,000+ downloads
- Lockit Master by developer Enali mchicolo – 5,000+ downloads
- Horoscope Pi by developer Talleyr Shauna – 1,000+ downloads
- App Lock Manager by developer Implummet col – 10+ downloads
Researchers alerted Google to their findings, and as of Monday morning, it appears all of the apps and developers have been removed from the Play Store. Even so, basic Play Store metrics show the apps were installed on around six million Android devices, on the low end. A similar app, “EditorPhotoPip”, had already been removed from the Play Store but was available on other download sites.
Dr. Web reports that all of the applications he found were fully functional for their stated purpose, making them particularly effective as spyware. This serves as yet another lesson in keeping your guard up even when downloading “verified” apps directly from Google.
Image credit: Kemal Hayit