Cybersecurity researchers from Dr. Web claim to have spotted numerous apps on the Google Play Store in May with adware and information-stealing malware built in.
According to the report, the most dangerous of these apps features spyware tools capable of stealing information from other apps’ notifications, mainly to capture one-time two-factor authentication (2FA) one-time passwords (OTP) and take over accounts.
Three of these apps remain online, the rest of the apps allegedly containing malicious codes have been removed by the Play Store.
One of the remaining apps is PIP Pic Camera Photo Editor. This is a malicious app with over a million downloads that reportedly steals people’s Facebook credentials.
Dr. Web also lists Wild & Exotic Animal Wallpaper, an adware app that currently has 500,000 downloads which changed its name SIM Tool Kit after installation. Another is Magnifier Flashlight.
Looking back over the month of May, Dr. Web researchers said that while apps stealing other apps’ notifications content had decreased, the activity of advertising trojans had increased throughout the month.
The report states, “in May, Android.Spy.4498, which steals information from other apps’ notifications, was again the most common mobile threat.”
“That said, its activity continued to decrease. Advertisement trojans from the Android.HiddenAds family also remained among the most widespread Android threats. Their activity, on the contrary, increased slightly compared to April.”
The report also brought attention to the presence of new malicious applications emerging on Google Play.
“Among them are fraudulent apps from the Android.FakeApp family and Android.Subscription trojans that subscribe users to paid services. Above that, new variants of trojans from Android.PWS.Facebook family were revealed.”
The report comes within days of Google publishing its monthly Android security bulletin, which outlined the fixing of a large number of critical vulnerabilities.