Researchers with Wandera have discovered yet another set of malicious apps on the Google Play Store. The seven apps included a calculator, an alarm clock, two flashlight apps and three magnifier apps. While the apps do not contain malware when installed, they are “droppers” designed to download malicious “payload” apps without the user’s knowledge.
The payload apps will run in the background to display fullscreen video ads. The researchers warn that “while this adware is a nuisance,” the threat actors may use the backdoor in the dropper app to infect devices “with much more serious malware types.” Google has removed the apps from the store. Users who have these apps installed are urged to delete them from their phones as soon as possible. In order to get rid of the infection, users have to delete both the dropper and the payload app.
In order to address the Play Store’s notorious malware problem, Google this week announced the launch of the “App Defense Alliance.” This collaborative effort by Google and security companies ESET and Zimperium aims to keep the official Android app store free of malicious software by integrating the “Google Play Protect detection systems with each partner’s scanning engines.”
Read more: New Android Threat: Google Confirms Malicious Apps Removed From Play Store—Uninstall Now