Some of the malicious Android Minecraft mods
Some of the malicious Android Minecraft mods (ESET)

News of malicious Android apps hosted on the Google Play Store doesn't seem to stop coming these days, as ESET and Zscaler researchers recently disclosed they've reported nearly 100 malicious apps they recently come across.

The biggest batch comes from ESET security researcher Lukas Stefanko, who says that between March 16 and 21, he reported to Google 87 Android apps posing as Minecraft mods, but which, in reality, contained two malware (adware) strains.

In total, the researcher says, the apps reached up to 990,000 installs before Google took them down.

None of the apps contained any Minecraft functionality

Stefanko says that none of these apps contained any legitimate functionality, being mere vessels for adware. The apps would only work during the installation process, focusing on luring the user into granting them admin privileges. Once this was achieved, the apps would then focus on their malicious behavior.

The researcher says 14 of the apps downloaded another component specifically designed for showing ads inside a special container, while the rest of the 73 apps simply opened a local browser and redirected the user to a site showing ads.

Of these, the first 14 were the most dangerous as the attacker could have very easily downloaded a more advanced malware on the user's smartphone instead of the adware component, such as a banking trojan or ransomware strain.

Stefanko provides instructions on how to uninstall some of these apps, and has also recorded a video showing how they behaved during and after their installation.

Zscaler also found 12 other apps

Also yesterday, Zscaler researchers announced they worked with Google to remove 12 malicious Android apps from the Play Store, four of which were downloaded between 10,000 to 50,000 times before they were discovered.

The apps were disguised as QR/barcode scanners, photo editors, faster battery chargers, games, compass and voice recorder, among others.

Just like the apps discovered by ESET, these too were focused on displaying ads, launching unwanted YouTube videos, redirecting users to ad-infested sites via their browser, or downloading, installing, and launching apps on the user's smartphone.

Google's Android Security Report

Both reports come one day after Google published its yearly Android Security Report, which contains the following statistics:

  • By the end of 2016, only 0.05 percent of devices that downloaded apps exclusively from Play contained a PHA (Potentially Harmful App); down from 0.15 percent in 2015
  • 0.71 percent of all Android devices had PHAs installed at the end of 2016 (0.5 percent increase)
  • Trojans (0.016 percent of all installs) dropped by 51.5 percent compared to 2015
  • Hostile downloaders (0.003 percent of all installs) dropped by 54.6 percent compared to 2015
  • Backdoors (0.003 percent of all installs) dropped by 30.5 percent compared to 2015
  • Phishing apps (0.0018 percent of all installs) dropped by 73.4 percent compared to 2015
  • Verify Apps conducted 750 million daily checks in 2016
  • Google paid researchers nearly $1 million dollars for Android vulnerability reports in 2016
  • About half of devices in use at the end of 2016 had not received a platform security update in the previous year