Stefanko first warned people about the apps on Nov. 19. All of them apparently come from a single developer named Luiz O Pinto. Once they are installed and launched, they download an additional APK file called “Game Center” and make the user install it. Then, the icons hide themselves and the malware displays ads when the user’s device is unlocked. The apps have no legitimate functionality, Stefanko said.
Although the games are bogus, two of them managed to make it to Google Play’s Trending Apps list, Stefanko said.
Here is a full list of the malicious apps:
- “Truck Cargo Simulator”
- “Extreme Car Driving Racing”
- “City Traffic Moto Racing”
- “Moto Cross Extreme Racing”
- “Hyper Car Driving Simulator”
- “Extreme Car Driving City”
- “Firefighter — Fire Truck Simulator”
- “Car Driving Simulator”
- “Extreme Sport Car Driving”
- “SUV 4×4 Driving Simulator”
- “Luxury Car Parking”
- “Luxury Cars SUV Traffic”
- “SUV City Climb Parking”
A Google spokesperson told Mashable “providing a safe and secure experience for our users is our top priority.” “We appreciate the researcher’s report and their efforts to help make Google Play more secure. The apps violated our policies and have been removed from the Play Store.”
This is not the first time someone snuck malware onto the Google Play Store. Cybersecurity company Symantec found 38 malicious apps disguised as games and educational software in May. Like the Luiz O Pinto malware, they hid their existence on victims’ smartphones by removing their icons from the home screen, then asked people to install another file that displays ads.