Google has removed 13 Android apps from its Play Store after discovering they were a front for malware – but not before they were downloaded more than 560,000 times by unsuspecting users.
The apps, which all claimed to be the work of the same developer, were disguised as games such as driving simulators, but did not actually work and appeared to crash when opened. However, they also forced devices to install an APK, which then opened, hid itself, and displayed ads whenever the user unlocked their device.
They were first spotted by ESET security researcher Lukas Stefanko, who noted that the apps also hide themselves after being launched, making it harder for users to realise they have been infected.
Despite their lack of functionality, some of the malware-ridden apps proved to be so popular before they were discovered that they even made it onto the Play Store's trending charts, which could have significantly increased the number of potential victims.
The discovery should therefore serve as a reminder to users that they should always be wary of installing software from sources they do not recognise, even when they are found on official app stores.
It may also highlight the need for businesses to put strong mobile device management tools and policies in place that can restrict what users are allowed to install when using an enterprise-issued device, or a personally owned gadget as part of a BYOD scheme.
This is far from the first time that apps containing malware have been uncovered on Google's Play Store. NDTV.com noted, for example, that auto-clicking adware called Judy was discovered in 41 apps last year and was said to have affected anywhere between 8.5 million and 36.5 million Android devices.
Indeed, in January, Google revealed it had removed more than 700,000 malicious apps from the store in the previous year.