Eight million users download more than 200 malicious apps from Google Play

Security researchers reported hundreds of fake apps to Google last year and warned that millions of users may have unintentionally infected their devices with malware.

Zscaler made the claims in its ThreatLabz 2024 Mobile, IoT and OT Threat Report, which covers the period June 2023 to April 2024.

The security vendor discovered over 200 malicious apps during the reporting period on Google Play, which is nominally a safer platform for Android downloads than third-party app stores. These apps have been installed more than eight million times in total.

Of these, Joker was the most prevalent malware on the site, accounting for nearly two-fifths (38%) of the malicious apps identified by Zscaler. Joker enables Wireless Application Protocol (WAP) fraud by secretly subscribing victims to premium services without their consent.

In second place was adware, which accounted for 35% of malware detected, followed by Facestealer (14%), which is designed to collect Facebook credentials to hijack accounts.

The Tools category was the most abused by threat actors on the Play Store, accounting for almost half (48%) of malware-infected apps. Malicious personalization (15%) and photo apps (11%) were also commonplace.

Almost half (46%) of attacks are now Trojans, while the technology (18%), education (18%) and manufacturing (14%) sectors were hit hardest by mobile malware last year. In the education sector, attacks increased by 136% annually.

According to Zscaler, mobile banking malware (29%) and mobile spyware (111%) also saw strong annual growth spikes during the period.

For the first time, India recorded the largest share (28%) of mobile attacks, followed by the US (27%) and Canada (27%).

Zscaler’s report also highlighted the threat to businesses from outdated operating systems, which often run on OT devices. Often these systems cannot be updated because the underlying hardware is not compatible with newer versions and/or they are too mission-critical to take offline for testing and patching.

“Cybercriminals are increasingly targeting older, exposed assets that often act as bridgeheads into IoT and OT environments, leading to data breaches and ransomware attacks,” said Deepen Desai, CSO at Zscaler.

“Mobile malware and AI-driven vishing attacks are adding to this list, making it critical for CISOs and CIOs to prioritize an AI-powered zero trust solution to eliminate all types of attack vectors and protect themselves from these attacks.”
