
Over 500,000 Google Play Store users installed malware-ridden apps from a single creator

By Polycount · 6 replies
Nov 21, 2018
  1. It's no secret that Google's Play Store isn't the best-policed app store out there. Malicious and nonfunctional apps appear on the store regularly, and they don't always get removed in a timely manner.

    This has become even more clear today, as security researcher Lukas Stefanko has revealed that 13 now-removed Android apps, downloaded by over 560,000 users, contained malware. These apps were all masquerading as various Car Simulator games, taking advantage of misleading thumbnails and supposed in-game screenshots to entice users to download them.

    According to Stefanko, two of the 13 apps managed to make their way to the Trending section of the Google Play Store, which likely boosted their download numbers considerably.

    So, what exactly did these apps do? On the surface, absolutely nothing. If users try to launch the apps, they simply show a "Made with Unity" logo and then crash a few seconds later. After crashing, the apps hide their own icons to make uninstallation more difficult, while also downloading an "additional APK" in the background.

    Digging deeper, it becomes clear that the apps were far from the harmless pranks they may seem to be. According to TechCrunch, each piece of software could give itself "full access" to a device's network traffic, which could have allowed the developer to swipe a given user's personal data.

    If that wasn't wild enough, the story gets even stranger. These apps were all "developed" by the same individual: Luiz O Pinto. Furthermore, many of the apps had reviews that averaged out to three or more stars.

    It's probable that said reviews were either fake or paid-for (we can't check now, given that the apps have been removed), but you'd think they would have quickly been buried by a flood of negative feedback from legitimate users; particularly if the previously-mentioned download numbers are accurate.

    It's a bizarre situation overall, but for now, this rogue developer can't do any more harm. Whether or not he (or she) will return in the future under a different alias remains to be seen, though.


     
  2. EClyde

    EClyde TS Evangelist Posts: 1,890   +708

    Free = Bad
     
  3. Thanks Google, another reason why I love you....
     
  4. treetops

    treetops TS Evangelist Posts: 2,645   +611

    The 3 of 5 star average is what is most alarming. Sure we know about paid reviews. But it is now on the old spam bot level. Require captcha for reviews maybe even though that is a pain. The accounts could also be hacked accounts. Really makes you wanna change all your passwords.
     
  5. trgz

    trgz TS Addict Posts: 264   +69

    'He (or she)' or they...
     
  6. toooooot

    toooooot TS Evangelist Posts: 953   +453

    "She" :D :D
     
  7. Nobina

    Nobina TS Evangelist Posts: 2,042   +1,559

    No.
     
