Date: 2022-08-19

More than two million Android users have downloaded various malicious applications that circumvented Google’s security protections to get into Google Play. As Bitdefender has discovered, once installed, the apps use stealth techniques to hide from the user and avoid being removed while serving advertisements that can link directly to malware.

Cybersecurity researchers have found a total of 35 “clearly malicious” apps on the Google Play store, many of which tricked victims into downloading them. At least two million people are known to have been victims of this malware.

Among others, these applications are: GPS Location Finder, GPS Location Maps (more than 100,000 people have downloaded it, as far as is known), Animated Sticker Master, Image Warp Camera and Personality Charging Show (the complete list can be seen on the Bitdefender website in a box, next to the names of the developers).

Remove them as soon as possible

If users have downloaded any of the applications, it is recommended that they find them (remember that the icon is hidden from the main screen so that you forget its existence or so that you do not know how to delete it) and remove them immediately.

Bitdefender has already notified Google of this incident so that it can remove the apps from its store, but the company says that many of them are still on Google Play.

This is how apps manage to evade control

It’s common for malware-laden apps to appear clean enough to bypass app store protections. They manage this because they only connect to the servers that deliver the malicious download after the app has been installed on the user’s device.

Despite its improving controls, Google Play continues to host many apps with trojans and malware, as we regularly report on Genbeta when researchers discover these issues.

One of the apps discovered by the researchers is called GPS Location Maps, and it has been downloaded by more than 100,000 users. According to the researchers, once downloaded, the app changes its label from “GPS Location Maps” to “Settings” to make it more difficult to locate and remove. If you have it on your phone, you will see lots of pop-up ads, and if you access it, it links to malicious websites.
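The label change and hidden icon described above can be checked for in an app inventory. The following is an added example, not code from Bitdefender or from this article; the CSV export format, its column names, the `com.example.*` package names and the list of system labels are all assumptions made for illustration.

```python
import csv
import io
import unicodedata

# Labels a user expects to belong only to preinstalled software (assumed list).
SYSTEM_LABELS = {"settings", "system update", "google play services"}

# Constructed inventory in a hypothetical CSV export format (e.g. from an MDM):
# package name, displayed label, system flag, launcher icon present.
SAMPLE_INVENTORY = """\
package,label,is_system,has_launcher_icon
com.android.settings,Settings,1,1
com.example.gpsmaps,Settings,0,0
com.example.notes,Notes,0,1
com.example.stickers,Animated Stickers,0,0
com.example.updater,Sett\u200bings ,0,1
"""


def normalize(label):
    """Fold case, compatibility forms, invisible characters and spacing."""
    text = unicodedata.normalize("NFKC", label)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return " ".join(text.casefold().split())


def flag_suspicious(inventory_csv):
    """Return {package: [reasons]} for user-installed apps that hide themselves."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["is_system"] == "1":
            continue  # preinstalled apps legitimately carry these labels
        reasons = []
        if normalize(row["label"]) in SYSTEM_LABELS:
            reasons.append("label imitates a system app")
        if row["has_launcher_icon"] == "0":
            # Weak signal on its own: widgets and services also lack an icon.
            reasons.append("no launcher icon")
        if reasons:
            findings[row["package"]] = reasons
    return findings


if __name__ == "__main__":
    for package, reasons in flag_suspicious(SAMPLE_INVENTORY).items():
        print(f"{package}: {', '.join(reasons)}")
```

An app that trips both checks, like the constructed `com.example.gpsmaps` entry, matches the behaviour the researchers describe and is the first candidate for removal.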

Those behind GPS Location Maps “have gone to great lengths to ensure that the malicious app is difficult to reverse and examine, with the main Java payload hidden inside encrypted files. Even when the files are decrypted, the code remains obfuscated,” the researchers explain.

Also, even if you don’t access the ad, Bitdefender claims that some of the apps simulate user clicks on the advertisements on your behalf, which helps them make illicit profits from those forced visits.

Developers with similar addresses

The company explains that each of the malicious apps appears to be the only app published by its developer, but their email addresses and websites are all very similar, leading Bitdefender to believe that all the applications could be the work of a single group or individual.

Here is the list of some of these developers:

Users should always be careful about what they download, and be especially wary of apps from unknown developers that have a large number of downloads but no reviews.