Google Play has come under attack from a cluster of authentic-looking Android apps masquerading as security tools.
The thirty-six apps – which use names such as Guardian Antivirus, Smart Security, Deep Cleaner, Security Keeper and Advanced Boost – actually perform tasks that include scanning, junk cleaning, battery saving, app-locking and CPU cooling. At the same time, however, they also nefariously gather personal data, device information and user location onto a remote server. Aha! They also inundate users with invasive advertisements and phony security alerts.
The developers of this malware created believable pop up notifications to enhance the look of legitimacy. For example, they did this by asking the user to take action to resolve an issue and then sending notifications to let the user know that it has been resolved.
Security firm Trend Micro discovered the bogus apps in December and alerted Google, who have now removed them from Google Play. Although these apps are no longer available, it has shown vulnerability in Google Play – which is slightly annoying because the old advice of only downloading apps from official app stores no longer really provides much security.