Eight Million Users Download 200+ Malicious Apps from Google Play
Security researchers flagged hundreds of fake apps to Google last year, warning that millions of users may have unwittingly infected their devices with malware.
Zscaler made the claims in its ThreatLabz 2024 Mobile, IoT, & OT Threat Report, which covers the period June 2023 to April 2024.
The security vendor discovered over 200 malicious apps in the period on Google Play, which is nominally a safer platform for Android downloads than third-party app stores. These apps collectively garnered more than eight million installs.
Of these, Joker was the most prolific malware on the site, accounting for nearly two-fifths (38%) of malicious apps identified by Zscaler. Joker enables Wireless Application Protocol (WAP) fraud by covertly subscribing victims to premium-rate services without their consent.
Adware came second, comprising 35% of detected malware, followed by Facestealer (14%), which is designed to harvest Facebook credentials in order to hijack accounts.
The “Tools” category was the most abused by threat actors on the Play Store, accounting for nearly half (48%) of malware-infected apps. Malicious personalization (15%) and photography (11%) apps were also commonplace.
Nearly half (46%) of attacks are now trojans, while the technology (18%), education (18%) and manufacturing (14%) sectors bore the brunt of mobile malware last year. In the case of the education sector, attacks surged 136% annually.
Zscaler said that mobile banking malware (29%) and mobile spyware (111%) also saw big spikes in annual growth over the reporting period.
For the first time, India recorded the largest share (28%) of mobile attacks, followed by the US (27%) and Canada (27%).
Zscaler’s report also highlighted the threat to enterprises from legacy and end-of-life operating systems that often run on OT equipment. Often these systems can’t be updated because the underlying hardware is not compatible with newer versions, and/or because they are too mission-critical to take offline to test and patch.
“Cybercriminals are increasingly targeting legacy exposed assets which often act as a beachhead to IoT and OT environments, resulting in data breaches and ransomware attacks,” said Deepen Desai, CSO at Zscaler.
“Mobile malware and AI-driven vishing attacks add to that list, making it critical for CISOs and CIOs to prioritize an AI-powered zero trust solution to shut down attack vectors of all kinds, safeguarding against these attacks.”