Android users are being warned that an app found on the Google Play Store hides a nasty surprise
Android users are being warned that an innocuous-looking app found on the Google Play Store is not what it seems.
Android is one of the most used pieces of software in the world, with more than two billion devices using the Google mobile OS each and every month.
However Android users are no strangers to security alerts, with some recent widespread threats being circulated via apps found on the Goole Play Store.
Six Android apps that were downloaded a staggering 90million times from the Google Play Store were found to have been loaded with the PreAMo malware.
While another recent threat saw 50 malware-filled apps on the Google Play Store infect over 30million Android devices.
And now Android users are being warned once again about an app that was found on the Google Play Store.
Researchers at mobile security firm Wandera are warning Android users about a Google Play Store app that was downloaded thousands of times.
The app in question is Scary Granny ZOMBYE Mod: The Horror Game 2019 which was downloaded over 50,000 times.
Android is one of the most used pieces of software in the world
The Android app also appeared to be well reviewed, with a four out of five star aggregate user review score on the Google Play Store.
However, experts at Wandera discovered the app was actually stealing login credentials for Gmail and other Google services.
In a post online, Wandera’s Liarna La Porta said: “Once installed, the app triggers a persistent phishing attack on the victim’s device.
“First, it displays a notification telling the user to update Google security services.
The offending Android app was discovered on the Google Play Store
“When the user hits ‘update’, a fake Google login page is presented, which is very convincing other than the fact ‘sign in’ is spelled incorrectly.
“From here, the app tries to steal the victim’s Google username and password.”
The research’s author added that, unlike other malware-filled apps, it actually works and plays a fully functioning zombie game.
La Porta noted the app was patient, sometimes waiting for two days before malicious activity was installed.
Android users need to be on alert about this app that was found on the Google Play Store
The Wandera study also explained that the Scary Granny app displayed adverts on Android devices that were disguised as fake apps.
The apps it mimicked to show these adverts included Facebook, Instagram, Amazon and Snapchat.
La Porta wrote: “Our threat research team is continuing to investigate these ads.
“We have reason to believe they are trying to make the user download further malicious apps.
“In one example, the ad directs the user to a page which Google blocked, flagging it as being deceptive, which suggests it hosts malware or a phishing attack.”
In response to the Wandera research the Scary Granny ZOMBYE Mod: The Horror Game 2019 has since been removed from the Google Play Store.
Advising Android users on how to stay safe, Wandera said: “Despite the Google Play Store’s rigorous security checks, this app that has a shocking number of malicious functions has made it through.
“Perhaps by using time-released malicious behaviour, by using package names that closely resemble legitimate ones, and by being a fully functioning game, the game evaded suspicion and known red flags.
“What can you take away from this scary story? Always do your own security vetting and don’t blindly trust apps on the official app stores.”
• Stay tuned to Express.co.uk for more Android news