Home
News
You are here

Android malware alerts: Stay up to date with the latest threats to your phone

Updated: Aug 16, 2024, 8:12 AM

10comments

Android malware alerts: Stay up to date with the latest threats to your phone

Official app stores are undoubtedly the best place to download software for your phone, especially when considering security. For Android phone owners, that place is typically the Google Play Store, but malicious apps occasionally manage to slip through despite rigorous precautions.

Identifying unsafe apps can be challenging as malicious developers employ cunning tactics to deceive users before and after downloads. To assist you, we've compiled the latest reports on flagged malicious apps from the Google Play Store, presented in chronological order, starting with the most recent.

Remember, even if an app is removed from the Google Play Store, it might still exist on your phone if previously downloaded. Moreover, many of these apps reappear on the Play Store under slightly different names. Some belong to the FakeApp family, attempting to trick users into making purchases or investments. Others are from the Joker family, aiming to enroll users in paid subscriptions.

5 new apps with the spyware discovered by Kaspersky

Kasperski has discovered that the Android spyware Mandrake, first spotted in 2020, has resurfaced with enhanced capabilities. This new version cleverly bypassed Google Play's security checks, allowing it to infect over 32,000 devices through five seemingly harmless apps. These apps, masquerading as file-sharing tools, crypto platforms, and productivity aids, stole data, recorded screens, and installed additional malware.

Here are the names of the infected apps:

AirFS - 30,305 installs
Amber - 19 installs
Astro Explorer - 718 installs
Brain Matrix - 259 installs
CryptoPulsing - 790 installs

To avoid detection, Mandrake employed advanced obfuscation techniques, making it difficult for security software to identify. The malware targeted specific devices based on collected data and then escalated its malicious activities, including stealing credentials and downloading further harmful apps. Despite its insidious nature, none of the infected apps were flagged as malicious until recently.

Google has acknowledged the issue and is working to improve Play Protect's capabilities. That said, it is highly advisable that users delete any of the mentioned apps from their device immediately. Keep your device's operating system and security software up-to-date to protect against similar threats.

Reports on dangerous Android apps

Trojan malware Brokewell disguising as Google Chrome update (April 25, 2024)

Dutch security firm ThreatFabric has discovered a Google Chrome update that disguises itself as legitimate but installs the "Brokewell" trojan malware.

Once installed, this malware collects personal data, grants remote control of the device to attackers, and can spy on users. Additionally, "Brokewell" can access banking apps, posing a significant threat to victims by potentially wiping out their accounts.

The "Brokewell" trojan employs a deceptive Chrome browser update to dupe smartphone users into installing it, utilizing the "overlay" technique to capture login information for targeted applications like banking apps. Through "accessibility logging," the malware records various user interactions, sending this data to a command-and-control server, thereby compromising personal information. With stolen credentials, attackers can remotely control the victim's phone, making all downloaded apps vulnerable to exploitation.

NCC Group discovers upgraded Android banking malware Vultur (March 28, 2024)

The Android banking malware Vultur, first identified in 2021, has evolved with new capabilities, granting it greater control over infected devices, according to security company NCC Group. This upgraded version utilizes Android's Accessibility Services to bypass the Google Play Store, enhancing its remote control functionalities.

Vultur's distribution relies on social engineering tactics, tricking victims via SMS messages into installing it. These messages create urgency by falsely claiming unauthorized transactions, leading victims to download an app disguised as McAfee Security, which is actually the Brunhilda dropper.

Once installed, Vultur enables cybercriminals to perform various malicious activities, including manipulating device functions and stealing credentials, primarily targeting banking apps. Despite its sophistication, Google Play Protect offers automatic protection against known versions of Vultur, emphasizing the need for continued vigilance against such threats.

Doctor Web discovers new virus activity on mobile devices (October 26, 2023)

Doctor Web is an IT security provider, which recently discovered several new malicious applications in the Google Play Store. Combined together, the downloads of these apps amounted to more than 2 million.

Some of these apps are HiddenAds malware disguised as mobile games. However, once downloaded they try to hide themselves by adopting the same icon as the Google Play Store or by straight up becoming invisible.

InfoSec's SentinelLabs discovers YouTube pretenders (September 18, 2023)

InfoSec's SentinelLabs is a space where threat researchers can gather data together and expose malware, exploits, and cybercrime in general. One of their latest findings revealed three separate applications that disguise themselves as the YouTube app, two of which have the exact same name as the original version and one called Piya Sharma after a famous anchor of the same name.

The ones responsible for the malware, dubbed CapraRAT, is a group going by the name Transparent Tribe (APT36). Thankfully, the malicious apps cannot be found in the official Google store. Instead, they are spread via social media and fake landing pages.

The scariest part is that they ask for permission to access your camera, microphone, location, SMS, and more of the sort. Such level of access creates the perfect opportunity for info theft, and even though it is thought CapraRAT is intended to affect mainly government officials and for espionage, any regular person can still be affected by it.

The best way to avoid this would be to stick to using the official YouTube application or website. The version that these fake apps and landing pages take you to is generally more stripped down compared to the original one.

Cybersecurity firm CloudSEK research (June 1, 2023)

The Cybersecurity firm CloudSEK carried out research via their own proprietary software and discovered apps that contain or had previously contained malware. A total of 193 apps were found, with 43 of them still active on the Google Play Store at the time. These apps have the ability to obtain server addresses, as well as personal data and files.

CloudSEK states that the number of users affected by these apps amounts to approximately 30 million, and that most of these apps are casual games that are easily forgotten after being installed and played a little. The researchers advise users to regularly scan their phones via an antivirus software to catch such malicious apps before they get the chance to do damage.

Top 10 infected apps based on number of installs:

Bitcoin Master (+ 1 million downloads)
Crazy Magic Ball (+1 million downloads)
Happy 2048 (+1 million downloads)
HexaPop Link 2248 (+5 million downloads)
Jelly Connect (+1 million downloads)
Macaron Boom (+1 million downloads)
Macaron Match (+1 million downloads)
Mega Win Slots (+500,000 downloads)
Tiler Master (+1 million downloads)

Full list:

2048 Lucky Cube 2248 Linked Bank Bingo Slots Be Big Bang Big Bang Popstar – Pongs Puzzle Bingo Club-lucky to Win Bingo County: Amazing 2022 Bingo Day: Lucky to Win Bingo Magic Zoo: 2022 Journey Bingo Slots Bird Linked Birds Merge Bitcoin 2moon Bitcoin Fall Bitcoin Master Bitcoin Master -mine Bitcoins! Bitcoinconnect Blackjack 21: Cash Poker Block Big Bang Block Crush Block Master – Brain Games Block Puzzle Boom Match Btc Linked Bubble Shooter Hero Bubble Spinner Buzzvideo-earn Money App Cake Master: Cream Legend Calculator Lock – Photos Vault Candy Kaboom Candy Pop Star Candy Winner Cash All – Earn Real Money Cash Game: Money Puppy Cash Master Cash Storm Slots: Real Moneychatmate Casual Gain Cat Party Chain Block 3d Chain One Line Channel3 Chip Win to 21: Merge Game Chip Winner Chip Winner 2048 Circus Coin Pusher Classic Diamond Slots: Cash Clipclaps – Reward Your Interest Coin Defend Cookie Crush Cookie Macaron Cookie Smash Crazy Bomb Crazy Cash Dozer Crazy Christmas Tree Crazy Cut Money Crazy Cut Money Crazy Fruit Crush Crazy Magic Ball Crazy Pop Tree Crazy Zumba Fruit Cube 2048 Cube Master 3d Cute Liner Cute Macaron Zumba	Desert Tree: Cash Grow Game Dessert Crush Dessert Match Kitchen Diamond Miner: Surprises Dominoes – Royal Master Dongbao Dreamlike Candy：sweet Merge Dropping Balls Earn Money: Squid Game Farm Blast – Match Game Fast Booster Box Fast Loans Plus Food Merger Food to Pop Foodie Tiler Forest Puzzle Fruit Bubble Smash Fruit Cutting Killer Fruit Spin Blast Fruits Legend: Farm Frenzy Fun Block Puzzle Game 2022 Funny Block Funny Hex Merge Funny Hoop Funny Macaron Gem Puzzle Gem Smash Go Break Go Jump Grand Win Solitaire Happy 2048 Happy Farm Slots-harvest & Win Happy Fruit Happy Merge Bang Hello Vpn-fast & Secure Hex Jigsaw Puzzle Hexa Link – 2248 Connect Puzzle Hexapop Link 2248 Holic Macaron Holiday 2048 Hotbuku-alat Pembaca Novel Professional Dan Populer Idle Dinosaurs Isecurity – Virus Cleaner Jelly Connect Jewels Crush Fever – Match 3 Jewel Blast Joy Match 3d Kitty Blast: Lucky Pet 2022! Knifemaster Lucky Aquarium Lucky Cashman-real Money&paid Lucky Coin Pusher -3d Lucky Crush Lucky Cube Lucky Cube Blast Lucky Dog Videos Lucky Eggs – Win Big Rewards Lucky Slots: Real Money & Spin Lucky Star: Lotto Scratch Lucky Tile Match:triple Crush Lucky Woody Match-block Blast Lucky for Happy Luckyyou Ludo Magic	Macaron Boom Macaron Bubble Macaron Mac Magic Balls Magical Pet:pop Match Make Money – Game Time Many Money Master Tiler Maya Merge – 2248 Hexa Puzzle Mega Jackpot Slot: Cash Winner Mega Lightning Slots Mega Win Slots Merge Crazy Ball Merge Hexagon Jewel – Match 3 Merge Lucky Puppies Merge Snack-overfood Metaverse Merge Money Tree Garden Monster Link- Match Blast Mood to Pop Mystery Miner Tycoon Mystery Solitaire Tycoon Na Neutral Solitaire Nice Poplink 2248 Pet Connect – Cute Pets Match Pixel Battle Pop Diamonds Pop Pop Balls Pop Stone 2 – Match 3 Game Puppy Fruit Slice Quick Loans Pro Random Dice Real Money Slots & Spin to Win Real Money:play Games Earn Relx Cash Royal Knight Slice Says Master: Jump Jump Shake Shake Sheep Slot Club Slot Pop! Smash King Smashmaster Solitaire Legend Solitaire Mega : Win Big Squid Gem Step Going Street Football Star Street Soccer Game Superfastvpn-unlimitedvpn Superjump Sweet Fruit Smash Tappycoins Tropical Fruit Blast Tunai Instant Uangnyata: Hasilkan & Permainan Vastvpn – Secure Vpn Proxy Vegas Bingo Vegas Cash Casino Vegas Coin Pusher Winning Slot : Mystic Pharaoh Woohoo – Real Cash Games Word Games：big Win Yeloli Princess Makeup Yeloli Princess Makeup Ztime: earn Cash Rewards Easily

GitHub list with SpinOk malware apps (May 29, 2023)

A list of 101 apps containing a SpinOk module with spyware features was shared in GitHub, a platform where developers store and manage their code.

The SpinOk module is presented as a marketing SDK. It collects information from the files on your phone and can then send that data back to the source. It can also gather sensor data from your phone’s sensors to avoid detection by security researchers, which makes it especially dangerous.

As you might notice from looking at the list below, most of the applications are either some kind of game or contain a “prize-winning” system. That is the disguise these apps use to trick users into downloading and engaging them afterward.

The apps listed below are reported to have been installed over 421,000,000 times when the list was uploaded to the website, so the chances are not that slim that one is living in your phone’s app drawer.

Full list:

Alaa Win Play Bank Bingo Slot Bingo Joy Bingo Tour Bingo-j Bitcoin Cash Giveaway Bitcoin Connect Biugo-video Maker&video Editor Blitz Slots Bubble Connect - Puzzle Match Bucksfir Cake Factory：pop Match3 Candy Gas Cash Prizes - Earn Rewards App Cashem:get Rewards Cashzine - Earn Money Reward Casino Royale: Wild Slots Chipwin to 21:merge Game Coin Big Bang Coin Vibe Colo Chess Crazy Drop Daily Step Digger Master - Casino Slots Digiwards Domino Master Fantasy Pusher Fast Wallet-earn Money&games Fizzo Novel - Reading Offline Fruit Bigbang Fruit Drop Game Reward- Real Money Games Gamony : Make Money Everyday Get Rich Scanner Gold Miner Coin Dozer Holiday Solitaire Party Instacash:earn Rewards Jackpot Bingo Slots Jackpot King - Coin Pusher Jelly Connect	Lion Coin: the King of Rewards Loto Scratch and Win Lucky Clover Bingo Lucky Jackpot Pusher Lucky Money - Real Money Games Lucky Word Club Make Money & Earn Cash Rewards Mania Vegas Slots Match Fun 3d Maya Merge Mega Blast Tree Mega Coin Dozer Mega Win Slots Memguru Mission Guru: Brain Boost Money Game-win Real Cash Money Gun - Earn Money Easily Money Tube: Video Player Money Well:play Game&earn Cash Mvbit - Mv Video Status Maker Noizz: Video Editor with Music Novelah - Read Fiction & Novel Novelfun Ohcash Owl Pop Mania Parking Inc. 3d Pic Pro - Ai Photo Enhancer Piggy Rush Slot Pixmania: Ganhe Prêmios No Pix Play Tube Playbox: Rewarded Play Pop Rewards Puzzle Cash	Queen Match-triple Tile Master Reweize: Earn Rewards Royal Dice Party Royal Fishing Party Smart Walk Solitaire Arena Solitaire Go: Tripeaks Space Pop: Bubble Shooter Star Quiz Stars Coin Step Counter:keep Fit Stepwin-pedometer&step Tracker Survey Cash - Earn Easy Cash Surveyking - Earn from Surveys Swe Rewards "swedswap" Tap Away 3d Tick:watch to Earn Treasure Scanner Trend Games Tt Tube:short Video Vfly: Video Editor&video Maker Vibetik Video Tube：cash Back Water Puzzle Captain Weather & Rewards - Real Money Witch Slots 2 Wow Domino Youth Rewards - Cash App

Kaspersky discovers Android subscription malware (May 4, 2023)

The cybersecurity firm Kaspersky discovered a new family of Trojan subscribers on Google Play at the beginning of May this year, dubbing it Fleckpe. The malware is mostly seen in photo editing apps and wallpaper packs.

After downloading the app and it gets access to your notifications, it sends out a confirmation code. The malware then runs on your phone, contacting the source it came from and providing information about your location and mobile carrier.

Once the information is acquired, the hackers send a paid subscription page that the trojan opens via an invisible browser to sign the user up for a paid subscription using the confirmation code mentioned above. This whole process is completely hidden and the user never finds out about it while using the downloaded app.

Full list:

Beauty Camera Plus
Beauty Photo Camera
Beauty Slimming Photo Editor
Fingertip Graffiti
GIF Camera Editor
HD 4K Wallpaper
Impressionism Pro Camera
Microclip Video Editor
Night Mode Camera Pro
Photo Camera Editor
Photo Effect Editor

MalwareFox list of known Android Malware Apps (March 16, 2023)

MalwareFox is a company that makes anti-malware software programs, and in March it detailed a list of the latest Android viruses plaguing the Google Play Store. In their report, they talk about each virus and what it does to compromise security.

List of viruses and the top 25 apps some of them were found in:

Harly Trojan	Joker Spyware	Autolycos Malware
Amazing Wallpaper Cool Emoji Editor and Sticke Fare Gamehub and Box Hope Camera-Picture Record Same Launcher and Live Wallpaper	Blood Pressure Checker – com.bloodpressurechecker.tangjiang Color Message Cool Keyboard – com.colate.gthemekeyboard Paint Art Premium SMS – com.premium.put.trustsms Private Messenger – com.recollect.linkus Simple Note Scanner – com.wuwan.pdfscan Universal PDF Scanner – com.unpdf.scan.read.docscanuniver	Creative 3D Launcher Delicate Messenger Gif Emoji Keyboard Instant Heart Rate Anytime Vlog Star Video Editor Wow Beauty Camera

View Full Bio

Aleksandar is a tech enthusiast with a broad range of interests, from smartphones to space exploration. His curiosity extends to hands-on DIY experiments with his gadgets, and he enjoys switching between different brands to experience the latest innovations. Prior to joining PhoneArena, Aleksandar worked on the Google Art Project, digitizing valuable artworks and gaining diverse perspectives on technology. When he's not immersed in tech, Aleksandar is an outdoorsman who enjoys mountain hikes, wildlife photography, and nature conservation. His interests also extend to martial arts, running, and snowboarding, reflecting his dynamic approach to life and technology.