Over 200 malicious apps on Google Play downloaded millions of times

Google Play, the official application marketplace for Android, facilitated the distribution of over 200 malicious applications within a one-year period, collectively accumulating nearly eight million downloads. This data was gathered between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed various malware families present on both Google Play and other distribution platforms. Earlier in May 2024, the same researchers reported the presence of more than 90 malicious applications on Google Play, with a total download count of 5.5 million. Despite Google’s implementation of security measures to detect and prevent the distribution of malicious applications, threat actors continue to employ sophisticated techniques to evade the platform’s verification process.
A report published last year by the Google Cloud security team highlighted ‘versioning’—a method in which malware is delivered through application updates or downloaded from attacker-controlled servers. Regardless of the specific techniques used to distribute malware via Google Play, certain campaigns achieve greater success than others. While Zscaler’s research primarily focused on prevalent Android malware, other cybersecurity experts have identified large-scale campaigns leveraging Google Play to spread malicious software to millions of users. One such case involved the Necro malware loader, which was downloaded 11 million times through just two applications published on the official store.