Security News
Google Play Protect now scans over 100 billion applications on Android devices daily, according to new figures disclosed by Google this week. Google Play Protect is the protection mechanism built into the Android operating system to help protect devices and data from malware and other threats.
Malicious optimizer, booster, and utility applications hosted on Google Play gathered nearly half a million downloads before being taken down, Trend Micro reports. Four of the apps gathered more than 100,000 downloads each before Google removed them from the official storefront.
Google has made a concerted effort in recent months to try to eliminate bad apps for its Android mobile platform on the Google Play store - something the company historically has battled. These types of apps have been installed nearly 600 million times on 100 million plus devices, according to a Sophos report, which said it pulled the numbers from Google's own Google Play marketplace.
The treachery lies in the payment model - the fleeceware we identified back in September 2019 didn't charge a fee for the app, but instead sold you a subscription to go along with the app. The app's free, don't forget; it's the subscription that you're being charged for, and Google permits app developers to ask that sort of money.
Google has removed 17,000 Android apps to date from the Play store that have been conduits for the Joker malware - and in an analysis of the code, said that Joker's operators have "at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." The internet giant said that having three or more active variants of Joker in circulation at the same time using different approaches or targeting different carriers is the norm; and at peak times of activity, up to 23 different apps from the Joker family have been submitted to Play in one day.
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users. The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone - even if downloaded from the official Google Store - you have been hacked and are being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks.
At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.
A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones. Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.
Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due to claims that it was being used for government espionage. Despite the app's popularity, it was quickly taken down from Google Play and the Apple App Store after a report from the New York Times in December claimed that the app is actually being used by the government of the United Arab Emirates as a spy tool used to track users' conversations and location.