Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Google Play Store Saw Over 600 Million Malware, Malicious App Downloads in 2023: Kaspersky

Share

Google boasts of robust security rules for its Play Store, promising safe downloads and strict action against malicious apps for users. But, with millions of applications hosted on the store front, there’s also a considerable amount of malicious content that can harm Android users. Now, prominent cybersecurity and anti-virus firm Kaspersky has claimed that Android users downloaded malware from Google’s Play Store over 600 million times in 2023. These infected apps include mini-game ads that collect user data, Minecraft clones, aps that promise monetary rewards, and more.

According to a report compiled by Kaspersky, citing various other reports and sources, malicious developers have found new ways to bypass Google’s security checks to list their apps on the Play Store. The firm found different kinds of infected content and applications downloaded via the storefront, that pose a serious security threat to Android users. The biggest defaulter turned out to be suspicious apps with in-app mini-game ads that harvest data, with over 451 million downloads. According to the report, a malware called SpinOk was found infecting over a 100 apps on the store this year, showing up as in-app mini games promising monetary rewards while collecting user data.

The report also noted over a 100 million downloads for apps infected with hidden ads and over 35 million downloads for ad-riddled clones of the popular game Minecraft. Thirty-eight Minecraft clones with hidden adware were found on Play Store this year, the report said. Mojang’s Minecraft, a sandbox-style survival game, has over 50 million downloads on the Play Store and is thus a major target for bad actors.

Additionally, suspicious apps that promise monetary rewards also racked up 20 million downloads. These primarily include apps posing as health and activity trackers that promise lucrative rewards for completing physical activity goals. The report also mentioned over 40 apps, which were downloaded 2.5 million times, infected with background adware.

Two file manager apps with a total of 1.5 million downloads were also found collecting user data, despite claiming that they don’t do so. These spyware apps were reportedly sending key user data like contacts, location, photos, audio, video and more to servers in China.

Kaspersky experts also found Play Store apps infected with the Fleckpe subscription Trojan. These apps, when downloaded and run, would install a malicious payload on the user’s smartphone that collected country and cellular operator information. The malware then opened Web pages with paid subscriptions in the browser and maliciously subscribed the user to services.

The report also mentioned 50,000 downloads of an iRecorder screen recording app for Android. The app, which was uploaded to the Play Store in 2021, comes with a malicious code that makes the app record sound from the smartphone microphone every 15 minutes and send to the server of the developers.

Earlier this year, Kaspersky had found a cybersecurity threat that targeted iPhone users via a malicious iMessage attachment. The threat didn’t require users to do anything and utilised an iOS vulnerability to install a spyware that took complete control of device and user data.


Affiliate links may be automatically generated – see our ethics statement for details.