Hundreds of Malware-Laden Apps Downloaded 41 Million Times From Google Play
Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year
Stay informed on Google Play's latest information security updates, threats, and protections with in-depth news and expert analysis.
Search across headline titles and summaries.
Background for this topic.
Google Play is Google’s official distribution platform for Android applications and games. It also provides related controls, including app review, developer signing and release mechanisms, and Google Play Protect, which checks applications for known or suspected harmful behavior before and after installation. Its security role concerns the apps and updates delivered through the store, not the security of every Android device or application.
Security practitioners monitor Google Play because malicious, deceptive, repackaged, or vulnerable applications can reach users through legitimate-looking listings and request excessive permissions or collect sensitive data. Store review and automated scanning reduce exposure but do not guarantee that an app is safe; newly discovered vulnerabilities, compromised developer accounts, and harmful updates remain relevant attack surfaces. Defenders should assess an application’s provenance, permissions, requested data, update history, and vendor security response, while using Play Protect and device-management controls where appropriate. Google Play vulnerability and policy advisories can therefore inform application allowlisting, remediation, privacy reviews, and removal decisions.
Weekly headline count for the current query.
Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year
A new Android malware campaign uses fake Google Play pages to distribute the SpyNote Trojan
Bitdefender said the malicious app campaign has resulted in more than 60 million downloads of malicious apps from the Google Play Store
Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024
Zscaler has found more than 200 malicious apps on Google Play with over eight million installs
Researchers discover mobile crypto drainer malware hidden in WalletConnect app garnering 10,000 downloads
Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics
A new banking Trojan targeting Android devices shows multifaceted capabilities
New real-time scanning feature conducts analyses of an app’s code during the installation process
Researchers warn of phishing links leading to spoofed Google Play pages
Researchers warn of spyware hidden in legitimate-looking apps
ESET said BadBazaar was available via the Google Play Store, Samsung Galaxy Store and various app sites
Each application sends the stolen data to China over a hundred times
Kaspersky says Fleckpe was hidden in 11 apps
Efforts were part of a Google Play fraud and malware crackdown
The malicious software library can collect installed app lists, Wi-Fi and Bluetooth data, and more
Over 20 million users install apps from Google Play
The dropper hides behind a fake utility app with limited permissions and a small footprint
It reportedly targets the banking credentials of Android users via apps with 60,000 installations
Apps have millions of downloads, says Bitdefender