Creating fake apps as a means to spread malware is nothing new but a security researcher has discovered that more than half a million users have installed malicious apps posing as driving games directly from the Google Play Store.
The malicious apps were discovered by security researcher Lukas Stefanko from ESET who tweeted that 13 gaming apps created by the same developer were being used to spread malware to Android users. When he first made the news public, two of the apps were trending on the store which gave them even greater visibility.
The apps themselves were created by developer Luiz O Pinto and before Google removed them from the Play Store, they had a combined 580,000 installs.
Not just a racing game
Users who downloaded the apps from Google’s store thought they were getting a simple driving game when in reality they received apps that were filled with bugs and crashed every time they were opened.
Once someone opened one of the games in question, the app would download a payload from a domain registered to an app developer in Istanbul that would install malware in the background and delete its icon.
As of now, it is still unclear what the malicious apps do as none of the malware scanners tested were able to reach a consensus on what the malware does. However, the malware is persistent and launches every time the Android device its installed on starts up.
The malware also has “full access” to the device’s network traffic which its author could use to steal sensitive data such as a user’s credentials.