A security researcher has discovered that a hacker group has managed to smuggle 13 “games” into the Google Play Store which have collectively been installed more than 560,000 times.
The malware, which poses as games, but actually fails to even launch, pretend to be driving simulators, with attractive screenshots and icons, but when downloaded install an APK which runs hides itself and displays ads when you unlock your device.
Discovered by Lukas Stefanko from ESET, some of the apps, which were all published under the name Luiz O Pinto, were so popular they managed to get to the Google Play Trending chart despite having no legitimate functionality.
App functionality demonstration pic.twitter.com/11HskeD56S
— Lukas Stefanko (@LukasStefanko) November 19, 2018
Google has taken swift action and has removed the apps, but the incident reminds us that App Stores do not necessarily mean absolute safety, as was demonstrated by similar incidents in the Microsoft Store.