Google removes multiple ‘dangerous’ apps with over 2 million downloads from Play Store: Report

Google Play Store was being infiltrated by a new set of malware, phishing, and adware apps. These fake apps were discovered by the Russian IT security company Doctor Web which also claimed that the apps were able to trick over two million users to get installed on their devices. According to a report by Bleeping Computer, a Google spokesperson has confirmed that all the apps reported by Doctor Web have been removed from Google Play. These apps pretended to be useful tools and system optimisers but, in reality, they brought in performance hiccups, ads, and other issues that degraded the user experience, the report adds.
How did these apps affect users?
As per the report, one of the apps named Tubebox was even able to collect one million downloads. This app promised users monetary rewards for watching videos and ads but never delivers on its promises, the report notes. Whenever users tried to redeem the collected rewards the app started showing various errors.
The report claims that even users who were able to complete the final withdrawal step never received the funds. The researchers have mentioned that “this is all a trick” as the app tries to keep the users inside the app for as long as possible. Meanwhile, users have to watch ads and generate revenue for the app’s developers.

Doctor Web also pointed out some other utility apps which had downloads ranging from 500 to one million. These apps received commands from Firebase Cloud Messaging and the attackers used them to load the websites specified in these commands. This trick helped the app to generate fraudulent ad impressions from the infected devices.
Meanwhile, the Fast Cleaner & Cooling Master app, which had a low download volume was used by attackers for a different purpose. This app allowed remote operators to configure an infected device to act as a proxy server. This proxy server would allow the hackers to channel their traffic through the infected device.
Scam loan apps removed from the Play Store
The report even mentions a set of loan scam apps that were also discovered by Doctor Web. These apps claimed to have a direct relationship with Russian banks and investment groups. The report claims that each of these apps had an average of 10,000 downloads on Google Play before they were removed by the company.
These fake apps were promoted through other apps and promised guaranteed profits on investment. Whereas, in reality, these apps used to take the victims to phishing sites where their personal information was collected.
How to avoid scam apps on the Play Store
To avoid such scam apps, Android users should always scrutinise the privacy policy, check for negative reviews and visit the developer’s site to evaluate their authenticity. Users should also regularly ensure that Google’s Play Protect feature is active.