Google Gets Tough, Removes 29 Data Stealing Apps from Google Play

April 16, 2015


Malicious app developers will find the going tough on Google Play. Google has removed 29 apps from its Developer Console after Symantec identified that these apps were being used to harvest e-mail addresses and phone numbers, which were subsequently uploaded to remote command servers.

Joji Hamada of Symantec Japan has stated that the Tokyo Metropolitan Police has started investigations and will track down the group responsible. All 29 apps shared common underlying code, and a single group is believed to be responsible for them. The group hid the malicious code in apps masquerading as diet assistants and contact management tools. Since these did not prove popular, the group launched a set of apps with titles ending in the words ‘The Movie’.

This move proved successful, with an estimated 70,000 to 300,000 users installing them. The 29 apps targeted the Japanese market and mimicked popular games in that country, letting users play a video about the game. Each app connects to a server and downloads a video file while uploading all names, contact information, phone numbers and email addresses in the phone’s contact book. It is estimated that the group has harvested over 2 million pieces of contact information through this method.

The group may make a killing selling this data to spammers or to those involved in identity theft and fraud. Interestingly, the server the group used to collect the information appears to be the same one that was used to distribute variants of the Android.Oneclickfraud malware. It is possible that the same group manages that server. Such malware should prompt users to be more cautious when downloading apps.