While official app stores are the safest way to find and download new software on your smartphone, they aren’t without faults. The Google Play Store has protections in place to weed out malicious apps, but occasionally, some manage to sneak through undetected. Thirty-five such apps were just discovered hiding on the Play Store: If you downloaded any of them on your Android device, delete them now.
Cybersecurity technology company Bitdefender issued a report on Wednesday, Aug. 17, identifying a fresh batch of 35 malicious apps on the Play Store. These apps are aggressive in their deception—they trick users into downloading them, each masquerading as an app the average Android user might enjoy using. However, once the user installs the app, it changes its name and app icon to remain hidden on the device.
Many switch the icon to one associated with Settings, and makes itself an alias for the real Settings app. When you open the fake app, it eventually opens the real Settings, tricking you into thinking it’s a legitimate Settings app. These apps will also hide themselves from recent apps lists, making them even harder to spot in routine use.
The goal for these apps is to serve you an obnoxious amount of ads: Aside from annoying you, these ads generate revenue for the developers of the malware apps. Worse yet, the developers run these ads from their own framework, which bypasses the protections typically implemented by Android. That allows developers to link to malware through these ads, compounding the danger.
Bitdefender discovers these types of apps using real-time behavior technology that identifies apps using practices known to be associated with fake or malicious software.
Below is the complete list of apps discovered in the report, compiled by Tom’s Guide. If you downloaded any of these apps on your device, delete them immediately. Of course, it’s possible the apps have changed their names and app icons, which means you’ll need to be scrupulous in your investigations: Look for any apps, such as utility or settings apps, you know you didn’t have previously on your device.
How to avoid downloading malware-infected apps
Malware apps are deceptive and sly, and certainly don’t advertise themselves as malicious in the Play Store. However, they often give themselves away in a few different ways. If you keep an eye out for the red flags, you can avoid downloading any to your Android device.
If an app has a large number of installs, but little to no reviews, avoid it. Bitdefender found an app like GPS Location Maps, with over 100,000 downloads, had zero reviews. On the flip side, if there are reviews, study them closely. If most seem poorly written, fake, or even written about another app, that’s a bad sign.
Take note of the permissions an app asks you for. It makes sense for a GPS app to ask for your location, but not your camera and microphone, for example. Be on the lookout for apps asking for special permissions as well. Most of the apps you download have no business asking for accessibility permissions, which indicates software looking to do some shady stuff in the background.
While the Play Store is host to the most hidden malware-infected apps, it isn’t only Android that has to deal with this problem. Researchers recently discovered a few malicious apps on both the iOS and macOS App Stores, a reminder that both Apple and Android fans need to be vigilant with each app download.