Malware was downloaded over 600 million times in 2023 from the Google Play Store

Cybersecurity firm Kaspersky has figured out that thanks to new and sneakier techniques used by bad actors to get malicious apps through Google's security scans, Android users downloaded malicious apps over 600 million times in 2023. That's a mind-blowing number and is helped along by the huge number of apps in the Play Store (more than 3 million unique apps says Kaspersky) that makes it impossible for even a company with resources like Google to completely check out each one in depth.

The first case study that Kaspersky lists in its blog post is interesting because it shows how these apps are getting installed on Android phones. The iRecorder app was first added to the Play Store in September 2021 and 11 months later, an update added code from Trojan AhMyth which caused the app to record every 15 minutes from the microphone on all phones that had the app installed. The recordings were sent to the server of the app creator.

By the time the iRecorder app was considered to be malware in May 2023, it had been downloaded 50,000 times. But the iRecorder story is illustrative of how these apps slip through Google's checkpoints; they start life as a regular app that does only what the developer says it does. But after some time goes by, an update is sent out that includes malware, and instantly that benign app you installed on your Android phone has become dangerous.

Another strategy employed by cybercriminals is to open multiple developer accounts with Google. This way, if Google kicks out a malware-laden app, another similar one can be uploaded to the Play Store. As an example, Kaspersky describes three apps: Beauty Slimming Photo Editor, Photo Effect Editor, and GIF Camera Editor Pro. This trio chalked up 620,000 installs while featuring the Fleckpe subscription Trojan.

Once these apps were opened on a phone, the malicious payload was downloaded on the device which would then open a browser window that the phone's user could not see. The browser would direct itself to sites offering paid subscriptions and after intercepting confirmation codes, the malware would sign up the device owner for paid subscriptions through his/her cellular account which the app had been able to access.

One of the most distributed malware apps that came from the Google Play Store last year were apps of Minecraft clones. Because of the popularity of the real Minecraft app, 35 million downloads were tallied under such names as Block Box Master Diamond. These apps contained adware called HiddenAds that ran ads in the background that the user could not see. While this made money for the bad actors, these apps would negatively impact the battery life of the phones on which they were installed.

Malware called SpinOk was behind the biggest case of the year according to Kaspersky. About 200 infected apps were installed an incredible 451 million times. The apps were supposed to deliver mini-games that would pay out cash rewards to players. But what these apps really did was collect user data and send it to the bad actor's command-and-control server.

One thing you can do to prevent yourself from installing malware is to check the comments section in the Play Store on each app from an unknown developer that you want to install. Forget the positive comments with high scores because those can be faked. Instead, check the negative comments with low ratings as these will probably be the ones that give you the true story behind the app. 

Look for red flags in these comments from those who have installed the app on their phones. Such complaints include reduced battery life, overheating, and the constant freezing of a device. Also, check the app's Play Store listing for spelling errors, and grammatical mistakes; if something doesn't look right, your best bet is to refrain from installing the app.