Play Store apps Archives

AppWizard

March 11, 2025

PlayPraetor Malware Targets Android Users via Fake Play Store Apps to Steal Passwords

A malware campaign called PlayPraetor has been identified by cybersecurity firm CTM360, involving counterfeit Google Play Store websites that trick users into downloading malicious Android applications. These apps are advanced banking Trojans that steal sensitive information, including banking credentials and clipboard data. The operation spans over 6,000 fraudulent web pages designed to mimic the official Play Store, prompting users to install APK files that contain the PlayPraetor Trojan. This malware can log keystrokes, capture screen content, and monitor clipboard activity. Distribution occurs mainly through Meta Ads and SMS messages, exploiting psychological triggers to deceive users. The malware communicates with a command and control server to target specific banking and cryptocurrency wallet applications. The attackers aim for financial gain by draining compromised accounts, executing unauthorized transactions, and potentially engaging in ad fraud. The operation is particularly focused on South-East Asia, and users are advised to download apps only from the official Google Play Store and to maintain updated security software.

BetaBeacon

October 8, 2024

Judge orders Google to open Android to other stores in Epic lawsuit ruling

Judge James Donato has ordered Google to open the Android operating system to third-party app stores for a period of three years starting in November.

BetaBeacon

October 6, 2024

In the fight between Epic and Google, there are no ‘good guys’

Epic Games has filed a lawsuit against Google and Samsung, alleging unfair practices related to Samsung's Auto Blocker feature.

AppWizard

September 29, 2024

Google Play Store apps overview

In June 2023, several Android applications in the Google Play Store generated significant revenue. The top-performing apps included App A, App B, App C, App D, and App E, each earning millions of U.S. dollars. These figures highlight the apps' popularity and their effectiveness in monetization.

AppWizard

September 24, 2024

The Necro Trojan Malware Has Infected Over 11 Million Android Devices | Lifehacker

Recent findings reveal the presence of a malware Trojan, known as the Necro Trojan, embedded within two applications on the Google Play Store, compromising over 11 million devices. The Trojan has infiltrated legitimate apps and modified versions of popular apps, such as Spotify Plus and WhatsApp variants like GBWhatsApp and FMWhatsApp. The Wuta Camera app, downloaded over 10 million times, and the Max Browser app, with over one million downloads, were identified as containing the Trojan. The Necro malware can execute harmful functions, including running adware and initiating fraudulent subscriptions. Users are advised to scan their devices for affected apps and remove them to protect against the malware.

AppWizard

September 24, 2024

If you have any of these infected apps on your Android phone, they must be uninstalled now

The Necro Trojan malware has targeted Android users by infiltrating applications on the Play Store, including WhatsApp and Spotify. It uses steganography to hide malicious payloads, displaying ads in invisible windows, draining battery life, slowing device performance, and causing overheating. It can also enroll users in unwanted paid subscriptions and download arbitrary JavaScript and DEX files. Kaspersky's research found that modified versions of Spotify (Spotify Plus) and apps like Wuta Camera and Max Browser contained the Necro malware. Wuta Camera had over 10 million downloads before being removed, while Max Browser had over one million downloads. Users are advised to uninstall these apps and any modified versions of WhatsApp or game mods for Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. Kaspersky has blocked over 10,000 Necro attacks in a month, primarily in Russia, Brazil, and Vietnam. Users are encouraged to check their devices for the mentioned apps and to only install applications from official sources.

AppWizard

July 31, 2024

Android apps from alternative app stores can soon be updated through Play Store

Google will allow updates for sideloaded apps or those downloaded from alternative app stores directly through the Play Store. This change is part of a new feature found in the beta version 42.0.18 of the Play Store, which includes an "Update from Play" button for sideloaded applications. Users will be notified that the app comes from an alternative environment and can choose to update it through the Play Store or its original source. It is unclear if this will make the Play Store the default source for future updates, and the update is not yet available to all users but will be rolled out soon.

AppWizard

July 31, 2024

New Mandrake Spyware Found in Google Play Store Apps After Two Years

A new variant of Android spyware called Mandrake has been found embedded in five applications on the Google Play Store, which were downloaded over 32,000 times before being removed. The affected apps are AirFS, Amber, Astro Explorer, Brain Matrix, and CryptoPulsing. Mandrake employs advanced obfuscation and evasion techniques, including relocating malicious functionalities, certificate pinning, and sandbox evasion. It collects device information and can execute commands to steal user credentials and deploy further malware. Mandrake has been present since 2016 and was first documented by Bitdefender in May 2020. Google is enhancing its Play Protect defenses to combat such threats.

AppWizard

July 30, 2024

This dangerous Android spyware has returned via malicious Play Store apps — delete them right now

Cybersecurity experts have discovered a new version of the Mandrake Android spyware in applications on the Google Play Store. Initially identified by Bitdefender in 2020, this spyware has been active since at least 2016. Kaspersky's findings indicate that this evolved variant has evaded detection and infiltrated five different apps submitted in 2022, with most remaining available for nearly a year and one for two years before removal. All malicious applications containing this version of Mandrake have been removed from the Google Play Store, but users are advised to delete them manually if installed. The affected apps and their download counts are: AirFS (30,305 downloads), Astro Explorer (718 downloads), Amber (19 downloads), CryptoPulsing (790 downloads), and Brain Matrix (259 downloads). The Mandrake spyware conceals its initial stage within a native library, exports functions to decrypt further malicious code, and can perform various harmful actions. It also uses notifications that mimic genuine ones from the Play Store to trick users into installing more malware. Users are encouraged to exercise caution when downloading apps and ensure Google Play Protect is activated on their devices.

AppWizard

July 30, 2024

Android spyware hid in Play Store apps for two years

"Mandrake" is a type of Android spyware identified by Bitdefender in 2020, which had been undetected for four years. A new variant was detected by Kaspersky two years later. The spyware has been downloaded 32,000 times, primarily through the AirFS app, which masqueraded as a Wi-Fi file sharing tool. The spyware uses native libraries to hide its payload and communicates with a command-and-control server via a library named "libopencv_java3.so." After installation, it deceives users with fake Play Store notifications to download additional malicious APKs. The spyware can detect the presence of the Frida toolkit, used by security experts, and ensures the target device has the necessary permissions. AirFS, which had 30,305 downloads, has been removed from the Google Play Store, along with four other apps distributing Mandrake. Google is working to improve its Play Protect feature to combat rogue apps, but malicious behavior remains a challenge in the diverse Android ecosystem. Cybercriminals also mimic Google with credible push notifications.