'Cellik' Android RAT Leverages Google Play Store
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Stay informed on Google Play's latest information security updates, threats, and protections with in-depth news and expert analysis.
Search across headline titles and summaries.
Background for this topic.
Google Play is Google’s official distribution platform for Android applications and games. It also provides related controls, including app review, developer signing and release mechanisms, and Google Play Protect, which checks applications for known or suspected harmful behavior before and after installation. Its security role concerns the apps and updates delivered through the store, not the security of every Android device or application.
Security practitioners monitor Google Play because malicious, deceptive, repackaged, or vulnerable applications can reach users through legitimate-looking listings and request excessive permissions or collect sensitive data. Store review and automated scanning reduce exposure but do not guarantee that an app is safe; newly discovered vulnerabilities, compromised developer accounts, and harmful updates remain relevant attack surfaces. Defenders should assess an application’s provenance, permissions, requested data, update history, and vendor security response, while using Play Protect and device-management controls where appropriate. Google Play vulnerability and policy advisories can therefore inform application allowlisting, remediation, privacy reviews, and removal decisions.
Weekly headline count for the current query.
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
The dangerous Anatsa banking Trojan is among the malware being spread to Android users via decoy mobile apps in recent months.
Antidot uses overlay attacks and keylogging to target users' financial data.
The Indian state-sponsored cyberattackers lurked in Google's official app store, distributing a new RAT and spying on Pakistanis.
The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.
The malware, along with a sister strain dubbed "FakeTrade," was found lurking in Google Play.
Malware spoofed file management applications thanks to elevated permissions, enabling exfiltration of sensitive data with no user interaction, researchers find.
A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.
Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk.
The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.
Between March 3 and March 9, at least 2,000 people a day downloaded the malicious "Quick access to ChatGPT" Chrome extension from the Google Play app store.
Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.
The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads.
Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials.
The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.
Some mobile apps are being weaponized with Trojans that secretly sign Android users up for paid subscription services.