Malicious Android apps with millions of downloads found on Google Play: Report

Malicious apps on Google Play are often used by threat actors to distribute adware, malware, and mobile banking trojans. Recently over 90 such apps were found installed over 5.5 million through Google Play.

The apps were being used to distribute malware including a banking trojan that reportedly targets over 650 applications of financial institutions in Europe, U.S. the UK and Asia. The trojan is known to steal e-banking credentials to perform fraudulent transactions, a report from Bleeping Computer said.

Since last year the baking trojan has achieved 150,000 infections via Google Play using various decoy apps in the productivity software category.

The baking trojan is currently using “PDF Reader and File Manager” and “QR Reader and File Manager” apps on the official Android app store to target users, a report from Zscaler said.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

At the time of Zscaler’s analysis the two has amasses some 70,000 installations, demonstrating the risks posed by malicious apps that manage to slip through Google’s review process.

Additionally, over the past couple of months malicious apps impersonating tools, personalization apps, photography utilities, productivity and fitness apps have been used to lure users into downloading malicious code, the report from Zscaler said.

Users are advised to ensure they review apps and the permissions they require before installing them on their devices. Users are also advised to read through app reviews to ensure their legitimacy, especially when downloading productivity apps as they could be infected with malware.