Google Play Protect Archives

AppWizard

June 24, 2025

Is your Android phone safe? ‘Godfather’ malware targets 500 Android apps

Cybersecurity firm Zimperium has reported a new variant of the Godfather malware targeting around 500 Android applications, mainly in banking, cryptocurrency, and e-commerce sectors. This version uses virtual spoofing to create deceptive replicas of the user's phone environment, misleading users and security measures. The malware installs a malicious "host" app that scans for banking applications and downloads counterfeit versions that operate in a concealed virtual space. When users access their banking apps, they interact with these fraudulent versions, which record sensitive information such as PINs, passwords, and two-factor authentication codes. It can also remotely control devices, execute money transfers, and exfiltrate confidential data. Most affected applications are based in Turkey, but the malware has the potential to spread globally.

AppWizard

June 20, 2025

‘Godfather’ Malware Is Now Hijacking Banking Apps on Android

The latest version of the "Godfather" malware targets Android devices, capable of hijacking legitimate banking applications and complicating detection. Initially detected in 2021, it used screen overlay attacks to trick users into entering sensitive information. The new iteration introduces a virtualization capability, creating a virtual environment on the device that allows it to intercept and manipulate user interactions with banking apps. This malware can harvest account credentials and exert remote control over the device, enabling unauthorized transactions. Currently, it affects nearly 500 applications, primarily targeting banks in Turkey, with potential for global spread. Users are advised to download apps only from trusted sources, modify permission settings, enable Google Play Protect, keep devices updated, and audit installed applications to protect against this threat.

AppWizard

June 15, 2025

Crypto holders beware: these wallet apps look real but exist only to steal your assets instantly

Recent investigations by Cyble Research and Intelligence Labs (CRIL) have identified over 20 malicious applications on the Google Play Store that impersonate legitimate cryptocurrency wallet tools. These apps are designed to steal users' mnemonic phrases, which are essential for accessing crypto wallets. The applications utilize WebView technology to create fake login pages resembling those of well-known platforms, tricking users into providing sensitive information. Users are advised to activate Google Play Protect, use strong passwords, enable multi-factor authentication, and avoid entering sensitive information into unverified apps. A list of 22 fake apps includes: 1. Pancake Swap - Package: co.median.android.pkmxaj, Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 2. Suiet Wallet - Package: co.median.android.ljqjry, Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 3. Hyperliquid - Package: co.median.android.jroylx, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 4. Raydium - Package: co.median.android.yakmje, Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 5. Hyperliquid - Package: co.median.android.aaxblp, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 6. BullX Crypto - Package: co.median.android.ozjwka, Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 7. OpenOcean Exchange - Package: co.median.android.ozjjkx, Privacy Policy: hxxps://openoceansi.sbs/privatepolicy.html 8. Suiet Wallet - Package: co.median.android.mpeaaw, Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 9. Meteora Exchange - Package: co.median.android.kbxqaj, Privacy Policy: hxxps://meteorafloydoverdose.sbs/privatepolicy.html 10. Raydium - Package: co.median.android.epwzyq, Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 11. SushiSwap - Package: co.median.android.pkezyz, Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 12. Raydium - Package: co.median.android.pkzylr, Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 13. SushiSwap - Package: co.median.android.brlljb, Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 14. Hyperliquid - Package: co.median.android.djerqq, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 15. Suiet Wallet - Package: co.median.android.epeall, Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 16. BullX Crypto - Package: co.median.android.braqdy, Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 17. Harvest Finance blog - Package: co.median.android.ljmeob, Privacy Policy: hxxps://harvestfin.sbs/privatepolicy.html 18. Pancake Swap - Package: co.median.android.djrdyk, Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 19. Hyperliquid - Package: co.median.android.epbdbn, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 20. Suiet Wallet - Package: co.median.android.noxmdz, Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 21. Raydium - Package: cryptoknowledge.rays, Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc 22. PancakeSwap - Package: com.cryptoknowledge.quizzz, Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc

AppWizard

June 8, 2025

These apps tricked Google to list them in the Play Store and you must delete them from your phone

The Google Play Store has been infiltrated by deceptive applications that are part of a phishing campaign, as revealed by an investigation by Cyble. These applications mimic legitimate digital wallets, including names like SushiSwap, PancakeSwap, Hyperliquid, and Raydium, and have utilized over 50 domains to evade detection. The primary threat involves the extraction of users' mnemonic phrases, which are critical for accessing cryptocurrency and tokens. Users are advised to uninstall nine specific apps identified by Cyble: Pancake Swap, Suite Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, SushiSwap, and Harvest Finance Blog, to protect their digital assets. Although many of these malicious apps have been removed from the Play Store, the risk persists for those who still have them installed.

AppWizard

May 20, 2025

Best Android Security Apps for Enterprise and Personal Use

Android holds a 71.65% market share as the leading mobile operating system. In 2025, users face sophisticated cyber threats such as ransomware and phishing scams. Android Enterprise provides a multi-layered defense system validated by the U.S. Department of Defense, featuring AI-driven threat detection that blocks 99.8% of malware through 100,000 daily app scans. It supports three device management models: Fully Managed Devices (COBO), Work Profiles (BYOD), and Dedicated Kiosk Mode. Recent enhancements include automated security patch deployment and hardware-backed key attestation. Leading Mobile Device Management (MDM) solutions include TinyMDM, which offers real-time location tracking and remote device wiping, and integrates with Microsoft Intune for conditional access. Harmony Mobile combines app reputation scanning with network-level phishing prevention. Emerging trends in enterprise security include AI-powered anomaly detection, with 42% of enterprises adopting Zero Trust principles, and rugged device management optimized for industrial environments. For personal protection, Bitdefender Mobile Security leads AV-Test rankings, Kaspersky Premium blocks 5.6 million malware attacks monthly, and Norton 360 Deluxe includes biometric app locking. Privacy tools like ExpressVPN and DuckDuckGo Privacy Browser enhance user security. Google's Project Zero reports a 35% decline in critical Android vulnerabilities, attributed to improved patch adoption. The convergence of enterprise and personal security solutions is emphasized, with a focus on AI/ML integration for enterprises and comprehensive protection suites for individuals.

AppWizard

May 20, 2025

Preventing App-Based Threats on Android Devices

By 2025, the Android platform faces increasingly sophisticated app-based threats, including ransomware, fake apps, social engineering, and remote access attacks. Cybercriminals exploit Android's open architecture, prompting the need for advanced security measures. Android's security architecture includes: 1. Google Play Protect: Scans applications before installation using real-time machine learning to detect emerging malware and deceptive tactics. 2. Application Sandboxing: Isolates apps to prevent data access between them, utilizing Linux permissions and SELinux policies. 3. App Signing and Code Integrity: Requires cryptographic signatures for apps, complicating the introduction of rogue certificates and runtime modifications. Advanced protections include Runtime Application Self-Protection (RASP) for high-security apps, which monitors behavior in real time, and secure coding practices that encourage regular code reviews, strong authentication, and data encryption. User vigilance is crucial, emphasizing responsible downloading, limiting permissions, keeping software updated, enabling two-factor authentication, and being cautious with public Wi-Fi. Google continuously updates security measures, ensuring older devices receive new protections, while collaboration with the security community aids in identifying and countering emerging threats.

AppWizard

May 13, 2025

Google announces new security features for Android for protection against scam and theft

Google unveiled new security and privacy features for its Android platform, focusing on safeguarding calls, screen sharing, messages, device access, and system-level permissions. Key measures include blocking unsafe actions during calls with unknown contacts, restrictions on side-loading apps from unverified sources, and limiting accessibility permissions to prevent scams. Users on Android 6 or later will not be able to disable Google Play Protect, which scans for harmful applications. Enhanced screen-sharing protection includes reminders to stop sharing after calls and a warning screen for banking apps when sharing with unknown numbers. Google Messages will improve scam detection using on-device AI for various fraud types. Verification keys in the Google Contacts app will allow users to authenticate contacts, with end-to-end encryption for verified conversations. Identity Check protection requiring biometric authentication will be extended to more devices, and stricter controls on Factory Reset functions will be implemented. Google is also enhancing its Play Protect program to detect unsafe apps and strengthening Advanced Protection Mode for public figures, along with introducing a new Find My Hub feature.

AppWizard

May 13, 2025

Your Android phone is getting a huge security upgrade for free

Google has introduced a suite of security tools for Android users to protect against various threats, including: 1. Protection against Scam Calls: Alerts users to potential scam calls and blocks harmful actions, focusing on disabling Google Play Protect, preventing sideloading of unverified apps, and restricting accessibility permissions. 2. In-call Protections for Banking Apps: A feature that warns users when they open banking apps while sharing their screen with unknown callers, starting in the UK, and automatically enabled for participating banks on devices running Android 11 or higher. 3. Improved Scam Detection in Google Messages: Enhanced scam detection capabilities that now cover a wider range of scams, including toll road, cryptocurrency, financial impersonation, gift card, and technical support scams. 4. Better Encryption for Text Messages via Key Verifier: A tool that allows users to confirm contacts' identities through public encryption keys, enhancing privacy and security. 5. Stronger Mobile Phone Theft Protection: Expanded theft protection features, including the Identity Check tool, restrictions on unauthorized factory resets, and obscured one-time passwords on the lock screen. 6. Advanced Protection for Mobile Devices: An Advanced Protection Program offering cryptographic verification for all login operations, available on devices running Android 16. 7. Improvements to Google Play Protect: Upgrades to identify malicious apps before installation and live threat detection to alert users of suspicious app behavior. 8. Enhancing Overall Android Security: Ongoing commitment to improve Android security through regular updates and new tools to protect users from evolving cyber threats.

AppWizard

May 13, 2025

Google talks smarter security against fraud and theft in The Android Show

Google has announced updates to enhance security and privacy for Android users, including: - Enhanced scam protection for calls and text messages. - Updated Factory Reset protections limiting phone functionality if reset without owner consent. - Upgraded Live Threat Detection in Google Play Services to identify malicious applications. - Introduction of the Key Verifier feature for verifying identities in conversations using public encryption keys, launching this summer for Android 10 and higher. - Expansion of the Identity Check feature to more devices with the upcoming Android 16 release. - Concealment of one-time passwords on the lock screen in Android 16. - Extension of the Advanced Protection program to a broader audience. - Rollout of live threat detection capabilities in Google Play Protect for Pixel 6 and newer devices and other smartphones. - Announcement of Google I/O 2025 scheduled for May 20 at 10 am PT (1 pm ET).

AppWizard

May 13, 2025

Your Android phone will soon warn you about that sketchy app sneakily changing icons

Google Play Protect is set to enhance its security features to better defend against malicious applications. The upcoming update will include the ability to detect changes in app icons, alerting users when an app alters its icon, a tactic used by malicious developers. Additionally, Google Play Protect will improve its on-device malware detection capabilities by implementing new rules to identify specific text or binary patterns associated with known malware families. These enhancements aim to provide users with timely alerts before installing potentially harmful applications, significantly reducing the risk of malware. The new icon detection feature will roll out in the coming months, initially available on the Pixel 6 series and select devices from other manufacturers. The on-device rules will be updated regularly to address emerging threats, and the enhanced malware scanning capability will be accessible to all Android users with Google Play Services.