Trend Micro has discovered several spyware laden apps that were, until recently, available to Android users from the Google Play store.
The apps posed as games like flappy bird and tools like flashlight. Once installed, they harvested personal data on the device and exfiltrated it out to a command and control server. GPS locations, call logs, text messages, contact lists and files were stolen by the malware.
The apps also had the capability to gather login credentials through pop-ups displaying fake Facebook and Google login screens.
Although a devastating data breach for the 100,000 users who installed these apps, it’s barely a drop in the ocean of 2 billion active Android users overall. With 2.6 million apps available from Google Play, can Google really be blamed for every piece of malware that slips through?
Well, probably. Ultimately though, it’s up to users to do a little background research on the apps they choose to install.