Google removes 13 apps from the Play Store that covertly download malware

Patrick O'Rourke

January 8, 2016 11:58am

The open nature of Google’s Android operating system means that the Play Store can sometimes be a dangerous place, with some less-than-honest app developers sneaking corrupt and malicious content into the app marketplace.

According to Android Authority, 13 popular apps have been banned by Google.

The method these apps used to boost their numbers on the Google Play Store is surprisingly simple. Each one seems normal on the surface, but they all secretly download other applications in the background, in the process artificially boosting their download numbers. Some of these apps even go so far as to automatically post positive reviews and ratings without the owner’s knowledge.

Some of the apps on the list also attempt to gain root access to a person’s device, allowing them to remain installed even after a factory reset. Google has reportedly run into this issue in the past, but in previous instances the malware-infected apps weren’t discovered on the official Google Play Store, and were instead located in third-party Android marketplaces.

Lookout Security, the security researcher that uncovered the malware-infected apps, says that there isn’t a simple way to remove the infected apps from your Android device, especially if the app in question has already gained root access. In some cases removal requires installing a Root Explorer app and manually finding and removing the infected files. Reflashing to a manufacturer ROM will also reportedly solve the issue.

“The explanation for the apps’ high ratings and hundreds-of-thousands of downloads is the malware itself. First off, some of the apps are fully-functioning games. Some are highly rated because they are fun to play. Mischievously, though, the apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors. This helps increase the download figures in the Play Store. Specifically, it attempts to detect if a device is rooted, and if so, copies several files to the /system partition in an effort to ensure persistence, even after a complete factory reset. This behavior is very similar to several other malware families we’ve seen recently, specifically Shedun, ShiftyBug, and Shuanet,” writes Lookout researcher Chris Dehghanpoor in a recent blog post.

Honeycomb, one of the 13 apps called out, had reportedly been downloaded approximately a million times before Google removed it from the Play Store.

Find a list of the infected apps below:

Cake Blast
Jump Planet
Crazy Block
Crazy Jelly
Tiny Puzzle
Ninja Hook
Piggy Jump
Just Fire
Eat Bubble
Hit Planet
Cake Tower
Drag Box

Image courtesy of Flickr user etnyk.

  • Wilhelm

    Good to see Google taking initiative on this but still proof that Android is a crappy OS when it comes to security and this kind of malware.

    Where are the BB pumpers touting the Priv! After all. This could NEVER affect their phone could it. Oh no. Never Ever. lmao

    • El Capitan Morgan

      Does Blackberry Priv download apps directly from the Google App Store or still using Amazon App Store?

    • John Vieira

      It’s full android, so it uses the Google App store. And yeah, they sure won’t be able to root it. If one of these apps can root the priv, then awesome, where can I get them so I can get my priv rooted?

    • John Vieira

      You’re right, BB10 would never be affected by this.

    • jellmoo

      It has less to do with Android as an OS than it has to do with Google’s review policy when apps are submitted to the Play Store. The process is simply too lax with not enough overview.

      One thing Apple has done a better (not perfect, but better) job of is the attention given during the approval process. It is considerably more rigorous and involves greater functionality and compliance testing.

    • gommer strike

      There needs to be a happy medium somewhere in between. While I agree that Apple is doing a better job, the whole Minecraft clone thing on their store which shot up to the top 10 shows that yes it’s better – but definitely still not perfect (how did it pass approvals?).

    • jellmoo

      Absolutely. Like I said, not perfect, but better. The compliance checklist that Apple requires is much, much more involved than the Google one. The submission bounce rate is also a much bigger concern for those submitting an app.

    • Victor Creed

      You need to go outside more

  • cartfan88

    Perhaps why RBC’s banking wallet requires the phone to be in an unrooted state.

    • It’s Me

      Yup. It’s also why it’s funny whenever someone says “you’re only at risk if you use dodgy 3rd party stores. If you stick with Play you are safe”.

    • Michael Yun

      If you use a smartphone all of your data is already not safe lol

    • thereasoner

      I would still say that, you’re as safe as any other anyways and far safer than messing with your phone’s security settings so you can download outside the Play Store!

      Besides, have you seen that list? These are “popular apps”? I think not.

  • robinottawa

    Does your phone need to be rooted before these can install their software on your phone?