Google’s crackdown on developers and its efforts to refine the Play Store appear to have been only a drop in the bucket; the problem seems much bigger than anticipated.
Today, a security researcher at ESET, Lukas Stefanko, called out thirteen Google Play Store apps that were actually malware disguised as driving games for Android.
The Android apps, which had racked up more than 580,000 installs on the Google Play Store, were removed by Google as soon as the news broke.
Scott Westover, a Google spokesperson, confirmed to TechCrunch that the apps violated Google Play Store policies, which is why they have been removed from the Android app store.
App functionality demonstration pic.twitter.com/11HskeD56S
— Lukas Stefanko (@LukasStefanko) November 19, 2018
Meanwhile, Lukas also posted a video of one app's functionality on Twitter. For example, once the driving game app is opened on an Android device, it automatically shuts down after showing two or three animations for a few seconds. After that, the app icon immediately vanishes from the device.
After launch, the app triggers ads whenever the device is unlocked, Lukas mentions in his tweets. No one seems to be exactly sure of the malware's intent, as indicated by the sample uploaded to VirusTotal.
One thing is certain: the app was downloading a payload from a domain registered to an app developer in Istanbul. It also had permissions such as “full network access” and “run at startup”.
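A triage check for the permission and behaviour combination described above, as an added example (not from the original article or from ESET): it scans a decoded AndroidManifest.xml for the Android permissions behind the “full network access” and “run at startup” labels and for receivers registered on boot or unlock broadcasts. The sample manifest, package name and class names are constructed, and matching the unlock-triggered ads to the USER_PRESENT broadcast is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Play Store permission labels quoted in the article -> manifest permission names
LABELS = {
    "android.permission.INTERNET": "full network access",
    "android.permission.RECEIVE_BOOT_COMPLETED": "run at startup",
}
# Broadcasts that let a component run without the user opening the app.
# USER_PRESENT (sent on unlock) is an assumed match for the unlock-triggered ads.
TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED": "starts on boot",
    "android.intent.action.USER_PRESENT": "runs on device unlock",
}

# Constructed sample manifest (decoded form, e.g. as produced by apktool).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.drivinggame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name=".UnlockReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return (findings, suspicious) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = [f"permission: {LABELS[p]} ({p})" for p in sorted(perms & set(LABELS))]
    triggers = set()
    for recv in root.iter("receiver"):
        for action in recv.iter("action"):
            name = action.get(ANDROID + "name")
            if name in TRIGGERS:
                triggers.add(name)
                findings.append(f"receiver {recv.get(ANDROID + 'name')}: {TRIGGERS[name]}")
    # Flag only the combination: network access plus a background trigger.
    suspicious = "android.permission.INTERNET" in perms and bool(triggers)
    return findings, suspicious

if __name__ == "__main__":
    findings, suspicious = triage(SAMPLE)
    print("\n".join(findings), "\nreview further:", suspicious)
```

Both permissions are common in legitimate apps, so a hit is a cue for closer review of the sample, not a verdict.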
All thirteen malicious apps were displayed under the tag of “Google Play Protect,” which raises the question of whether the Play Protect service is actually protecting anything.