90+ malicious Android apps with 5.5m installs found spreading malware on the Play Store — protect yourself now

Bad apps can wreak havoc on the best Android phones, which is why you always need to be careful when installing new ones. However, even when you download new software via the Google Play Store there’s still a chance that you could end up with a malicious app on your phone.

As reported by BleepingComputer, the cybersecurity firm Zscaler has revealed that it has discovered more than 90 malicious apps on Google Play which were collectively installed 5.5 million times.

While the firm hasn’t provided the names of most of these malicious apps, we do know that many of them impersonated productivity, personalization and health & fitness apps along with other utilities.

Here’s everything you need to know about this latest batch of bad apps including the names of two of them that you need to remove immediately if they’re installed on your Android devices.

Delete these apps right now

As I mentioned before, Zscaler has yet to release the full list of the 90+ malicious apps it discovered over the past few months. However, it did provide info on two particularly dangerous apps in a new report that you should delete immediately if you have them installed:

  • PDF Reader & File Manager by TSARKA Watchfaces
  • QR Reader & File Manager by risovanul

Fortunately, both of these apps have been removed from the Google Play Store and are no longer available for download. However, if you have them installed on your Android phone or tablet, you’re going to need to manually uninstall them.

Dropper apps hiding in plain sight

As we’ve seen in the past, bad apps can slip through the cracks and end up on the Google Play Store. Both of the apps listed above are what’s known as malware droppers, and according to Zscaler, they’ve been installed 70,000 times combined.

These dropper apps are able to bypass Google’s rigorous security checks as they don’t contain malware when uploaded to the Play Store. Instead, the apps communicate with a hacker-controlled command and control (C&C) server after installation to download malware.

In this case, both of these utility apps are being used to infect vulnerable Android phones with the Anatsa banking trojan. This Android malware targets over 650 banking apps in the US, the UK, Europe and Asia in order to steal users’ financial credentials. In fact, during a malware campaign late last year, Anatsa was able to infect 150,000 Android phones through Google Play using bad apps.

Just like with other banking trojans, Anatsa uses overlay attacks to steal your banking credentials. These overlays are fake websites designed to mimic the look and feel of the login pages of popular banking apps. However, instead of logging into your account, you’re actually giving hackers your username and password.

Anatsa can also commit on-device fraud by launching banking apps on its own and performing transactions on behalf of victims. Not only does this save the hackers time but it also improves their chances of success since someone logging into their account on their own device doesn’t raise nearly as much suspicion as it would on a different Android phone.

How to stay safe from malicious apps

In order to stay safe from this and other Android malware strains, you’re going to want to limit the number of apps on your phone. Even seemingly innocent apps can be used to drop malware onto your device which is why you really want to ask yourself whether or not you need a particular app before downloading and installing it.

For this reason, you want to stick to bigger, more widely known app developers that have a history of putting out good software. Likewise, you’re much less likely to come across malware when going with paid apps as opposed to free ones. Before installing any app, you also want to check its rating and reviews. As these can be faked, though, it’s a good idea to look for video reviews online so that you can see the app in question in action before you download it.

To protect yourself and your devices from malware, you want to make sure that Google Play Protect is enabled on your phone as it can scan all of your existing apps and any new ones you download for malware. For additional protection and some useful extras like a VPN or even a password manager, you might also want to look into running one of the best Android antivirus apps alongside it.

In an email to Tom's Guide, a Google spokesperson provided further insight on these malicious apps, saying:

“All of the identified malicious apps have been removed from Google Play. Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”

Hopefully Zscaler releases the full list of the 90+ malicious apps it has discovered over the past few months. Even if it doesn’t though, this new Anatsa campaign serves as the perfect reminder that you always need to be careful when downloading and installing new software even when it’s from official app stores.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.