Over 500,000 Android Users Downloaded Malware Posing As Driving Games On Google Play

Over 500,000 Android users have already installed malware in the form of driving games from Google Play.

In the tweet of Lukas Stefanko, an ESET’s security researcher, he released 13 driving gaming apps’ details which were made by only one developer called Luiz Pinto. And at the time he tweeted about them, those games could still be downloaded from the Google app store. Two among those apps were even trending which gave those two apps higher visibility.

Those apps got a total of around 580,000 installs before getting removed by Google.

Users downloaded those apps and expected them to be car or truck driving games. But the only things they got were buggy apps that pretty much crashed all the time.

These apps were, in fact, trying to download a payload from a different domain which was registered under an Istanbul developer. And of course, it silently installed malware, hiding icon of the apps also. The main purpose of the malware is still unknown for now. Uploading the app to VirusTotal, it seemed like the malware and virus scanners in the site didn’t have the same idea what this malware does. What is certain is that this malware launches every time Android devices boot, and it has full access to those devices’ network traffic, which enables its author to steal data and secrets.

We have contacted the owner of the domain in Istanbul named Mert Ozek, but he hasn't responded yet.

Scott Westover, the Google spokesperson, confirmed that those driving apps “violated our policies and have been removed from the Play Store.”

It is another disappointed lapse by the company, which has been getting a lot of criticism for the backseat approach to mobile and app security in comparison with its rival Apple, which is often praised for being selective and restrictive about what apps can make it into its App Store.

It seems like Google effort in preventing malware in its Google Play is still not enough

Google has put a lot of commitment in trying to improve its Android security by adding more granular app permission controls and also better security features. But the tech giant still continues to fight against malicious and rogue apps in its Google Play, which has been one of the biggest threats to the security of Android users. Just in last year, Google removed over 700,000 malicious apps from Google Play.

But it seems like it is still not enough.