Cybercriminals have managed to bypass Android’s security mechanisms and infect over 60 million users worldwide with malware. Experts from Bitdefender Labs discovered a large-scale malware campaign involving over 330 infected apps.
These apps disguise themselves as useful everyday helpers and are invisible once downloaded – a dangerous development that shows how sophisticated modern attacks have become.
Android security precautions bypassed
The hackers are exploiting a vulnerability in Android 13: normally, the system prevents apps from hiding in the launcher without an icon. However, the malicious programs circumvent this rule and thus remain invisible to the user. They start in the background without any user interaction and show unwanted ads on top of other running apps. They don’t even need special permissions to do this – a clever trick that leaves many users in the dark.
Hidden danger: data theft and phishing
In addition to the annoying flood of advertising, the real threat lurks in the background: the malware specifically collects user data and uses it for phishing campaigns. The attackers attempt to steal credit card data or personal information. The Bitdefender analysis shows that there are already confirmed cases of such fraud attempts.
Some dangerous apps are still online
Although Google and Android have been informed about the campaign, fifteen of the malicious apps are still available in the Play Store. The perpetrators could be either an organized group or several individual actors using the same tools from the darknet. The fact that the campaign already peaked last fall shows that such attacks often go unnoticed for a long time.
How users protect themselves
To protect themselves from such attacks, users should only download apps from trustworthy developers and check reviews carefully. Security solutions can also help to detect malicious apps at an early stage. Anyone who discovers suspicious apps on their smartphone should uninstall them immediately and have the device scanned for malware.
Further information:
A detailed technical analysis of the malware mechanisms can be found here.
(vp/Bitdefender)