There are plenty of reasons to be nervous when downloading apps for Android devices. Not only is Android malware on the rise, but people are also finding it in unsuspecting places like email attachments and Google Play — Google’s very own app store!
Why is there so much malware on Google Play? Well, compared to Apple’s App Store, Google gives developers a bit more freedom. Unfortunately, many of these apps come with nasty stowaways that Google isn’t checking for. Tap or click here to see a recent batch of malicious apps found on Google Play.
And now, a new round of malicious apps has been discovered hiding on Google Play. Most of these apps are disguised as games and puzzles — which means kids might be installing malware on their phones without knowing. If any of these programs make their way to your device, you’ll be drowning in popups and ads in no time. Here’s what you can do about it.
Beware of new Google Play adware
Security researchers with Avast have discovered a brand new batch of Google Play malware with more than 8 million downloads. As of right now, Google has only removed a handful of them, and it’s currently investigating the entire batch before taking further action.
These programs are mostly disguised as games and puzzles — and once you install them, they bombard your phone with spam advertisements. You’ll even see popups outside of the malicious app during normal phone use. Yuck!
These apps are all part of a family of malware called HiddenAds, which is a well-known Android Trojan. In reviews for several of the apps, users mention YouTube ads that convinced them to download. If malicious apps are getting advertised on YouTube, that’s a double-failing on Google’s part.
And to make matters worse, the fact that these apps are mostly games and puzzles means the primary victims are kids and parents. Kids won’t know they’re downloading malware if they see a convincing YouTube ad, and could end up infecting their phone by accident. Or, in another scenario, they could end up infecting their parent’s phones.
Kids in the crosshairs
The malicious adware apps mentioned above aren’t the only kind of Google Play malware targeting kids. Researchers from The International Digital Accountability Council (IDAC) reported three kids’ apps to Google for stealing user data and violating company policy.
The three apps, titled Princess Salon, Number Coloring, and Cats & Cosplay, have more than 20 million downloads between them. While installed, they used a loophole in their game engines to collect Android ID and Android Advertising ID data. This allowed them to get away with collecting data without Google even noticing.
Fortunately, Google quickly addressed the apps and removed them from the Play Store. What nobody is sure of is whether or not the exploit developers used was on purpose or accidental.
I’m tired of malicious apps! Which ones do I need to get rid of?
Even though a few of the apps mentioned above were removed by Google, it’s still recommended you check your phone to make sure they’re not installed. If any of them are, you’ll need to manually remove them to protect your device and data from harm.
Avast put together a complete list of the malicious apps it found to help users clean up their phones. If you have any of the following apps on your Android, it’s time to get rid of them once and for all:
- Shoot Them
- Crush Car
- Rolling Scroll
- Helicopter Attack – NEW
- Assassin Legend – 2020 NEW
- Helicopter Shoot
- Rugby Pass
- Flying Skateboard
- Iron It
- Shooting Run
- Plant Monster
- Find Hidden
- Find 5 Differences – 2020 NEW
- Rotate Shape
- Jump Jump
- Find the Differences – Puzzle Game
- Sway Man
- Money Destroyer
- Desert Against
- Cream Trip – NEW
- Props Rescue
- Princess Salon
- Number Coloring
- Cats & Cosplay
To uninstall any of these apps, open your Settings and tap the Apps menu. Scroll through your installed apps until you find one of the names listed above. Tap on them to uninstall and remove them.
For extra peace of mind, you can also reformat and erase your phone with a clean install of Android. Just remember to back up your device first. Tap or click here to see how to perform a factory reset on your Android phone.
To keep yourself safe in the future, follow these basic security pointers for Android devices:
- Avoid visiting any app stores other than Google Play. If you think Google Play malware is bad, you haven’t seen the garbage floating around third-party app stores. Tap or click here to see the malware you can find on third-party app stores.
- When downloading Google Play apps, stick to well-known developers as much as possible. If you want to try something new, read the reviews carefully to make sure you’re not about to download a scam.
- Be cautious about the permissions you give. When an app like a game or puzzle asks for permission to send you notifications or use your camera or microphone, don’t let it. That’s a big red flag that something is wrong.
- Don’t click on links or attachments sent to you by email or text. This is a common way that cybercriminals spread malware to smartphones. If you click any links sent in a text or email, you might end up on phishing sites. You’re better off playing it safe.
- If someone you know sends you an email or text with a link, check with them personally to make sure they actually sent it. At least one kind of malware can spoof the email addresses and text of anyone it infects. Tap or click here to see it in action.
Always remember to check your phone for malware on a regular basis. You never know if something was hiding in the last Google Play app you downloaded. And, as always, we’ll keep you up to date here at Komando.com with the latest discoveries and security updates for Android.