Security News > 2023 > May > This legit Android app turned into mic-snooping malware – and Google missed it

Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code.

Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which pulled the app from its online store.

It's not clear precisely how long the malicious version of the recording app was available on Google Play nor how many people exactly were hit by it; ESET only said that the software had surpassed 50,000 downloads in Google's souk.

Stefanko noted in the report that the recording app remains available on some alternative and unofficial Android app markets, and that the developer has published several other Android tools, none of which contain malicious code.

We've been down this malware-laden road with Google Play many times before, but this one is particularly egregious given the fact the malware that slipped through the cracks has been found on Google Play already.

In 2017, Google's Play Protect on-device anti malware platform scored dead last in tests of its ability to detect malware compared to third-party Android malware detection platforms.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/24/a_legit_android_app_turned/