Another jarring cybersecurity threat, malware infiltrated the Google
The malware was disguised as 13 driving-game apps. Two of the apps were even features on the "trending" plug. Once users downloaded the game and opened it, the app glitched out and crashed instead. Then, the app self-deleted its own icon, so users couldn't locate and delete it from their phone even if they tried. This ensured the malware gave attackers full access to the Android host device's network traffic, including their personal data, activity logs, and usage trends.
Google spokesperson Scott Westover stated that the apps "violated our policies and have been removed from the Play Store."
This is not the first time Google Play Store as a platform has been struck by malware. Last year, a similar type of virus called "Judy" was present in around 41 similar apps, affecting 18.5 million devices. In response to concerns regarding cyber safety, Google published a report stating that it removed more than 700,000 malicious apps from the Play Store in January of last year.
"Android devices that only download apps from Google Play are 9 times less likely to get a PHA than devices that download apps from other sources," reads Google's own Android Ecosystem Security Transparency Report. PHA is any "potentially harmful application."
In order to combat this problem in the future, Google plans to improve its back-end development to prevent such apps from getting into the Play Store in the first place. This may entail creating a separate malware investigation or analytics unit, or perhaps expanding existing teams with the same purpose. Now that this weakness in the company's operations has been exposed, it's likely that more attacks of the same nature are poised to occur in the near future.
"Newer versions of Android are less affected by PHAs. We attribute this to many factors, such as continued platform and API hardening, ongoing security updates and app security and developer training to reduce apps' access to sensitive data," says the Transparency report.
- https://techcrunch.com/2018/11/20/half-a-million-android-users-tricked-into-downloading-malware-from-google-play/
- https://thenextweb.com/google/2018/11/21/500000-android-users-downloaded-malware-made-by-one-developer/
- https://www.welivesecurity.com/2018/11/12/googles-data-avoiding-malware-on-android/
