Google Play store assaulted by malicious app uploads

There are more woes in store for Google’s Android as cybersecurity companies gear up to release reports of an extensive malware attack happening in the Google Play Store.

The Android app store is no stranger to malicious apps, especially in the past few weeks. First there was the adware laden Adware Blocker Plus lookalike incident, where an identical malicious copy of the popular extension was uploaded to the store and downloaded. Then, a fake WhatsApp program was uploaded onto the store that fooled a million Android users.

This time around, it seems the threat is far more extensive than a few popular apps. Services like McAfee are reporting that 144 Play Store apps are affected by a new kind of malware attack: Grabos. Most of these apps were audio streaming services and apps for downloading MP3 music files.

Grabos works by getting users to install more apps based on notifications it pushes to Android users after it’s installed. This may be part of its revenue stream for hackers, on a pay-per-app-download system.

Based on statistics from 34 of the 144 apps, McAfee estimates the malicious applications have been downloaded between 4.2 million and 17.4 million times.

But Grabos isn’t the only malware campaign going on at the store. Another is AsiaHitGroup, discovered by Malwarebytes and is disguised as several apps in the store, namely QR code scanners. The third was found by Dr.Web, and is another adware campaign.

This particular adware trojan was found in nine Play Store apps that had between 2.37 million and 11.7 million downloads. Google is reportedly in the process of investigating the flagged apps and working with developers to either update their code or remove the apps for user download.