Google Play Store Alert: Dangerous Apps You Should Avoid

Google is taking significant steps to enhance Android security, bringing an end to the long-standing free-for-all of third-party apps and sideloading. The tech giant is tightening restrictions, enforcing stricter app policies in the Google Play Store, and enhancing security with Play Protect, which will include live threat alert in Android 15. These changes aim to reduce security vulnerabilities and bring Android closer in security to Apple’s iOS.

Despite these efforts, users are still warned about persistent threats. This week alone, two alarming reports have surfaced, emphasizing that security risks remain widespread on Android devices. The first report comes from Kaspersky, which warns about modified versions of popular apps like Spotify, WhatsApp, and Minecraft being used to spread malware. One of the key dangers highlighted is the Necro Trojan, first discovered in 2019, which has since evolved with new features.

Google Play Store Alert: Dangerous Apps You Should Avoid

Initially, the Necro Trojan was present in a popular app, CamScanner, which had over 100 million downloads on Google Play. More recently, Kaspersky detected the Trojan in a modified version of Spotify distributed outside of the Play Store, as well as in Wuta Camera, an app that had garnered over 10 million downloads from the official store. This is a stark reminder that even apps on legitimate platforms can pose serious threats.

The Necro Trojan has become more dangerous over time, using advanced obfuscation techniques to hide its malicious activities. Once installed, the malware can load and run downloaded apps, take over the victim’s device, and even sign them up for paid subscriptions without their knowledge. It can also display ads in invisible windows, open arbitrary links, and run JavaScript code, further increasing its threat level.

The second warning comes from Cleafy, which has uncovered a new variant of the TrickMo banking Trojan. Like the Necro Trojan, TrickMo was first identified in 2019 and has since evolved into a more dangerous threat with advanced obfuscation and anti-analysis mechanisms. TrickMo, initially linked to the infamous TrickBot malware, now targets Android users by masquerading as a legitimate Chrome browser update. Once installed, it prompts users to update Google Play services, tricking them into enabling accessibility services that give the malware full control over their devices.

See Also: How to Add and Remove Birthdays in Google Calendar

TrickMo can intercept one-time passwords (OTPs), record the screen, log keystrokes, and take remote control of the device. It is a significant threat to users’ financial and personal security, particularly when it comes to online banking.

In response to these threats, Google has reassured users that Play Protect will automatically defend against known versions of these malware. Google Play Protect, enabled by default on devices with Google Play services, can warn users or block malicious apps, even those installed from outside the Play Store.

However, these incidents highlight the importance of vigilance when installing apps, even from official stores. Users should avoid sideloading apps from third-party stores, carefully check developer details, and scrutinize app permissions. As malware continues to evolve, adhering to these best practices is critical for maintaining device security.

With the introduction of Android 15’s live threat detection and Google’s ongoing efforts to clamp down on third-party app access, the Android ecosystem will become more secure in the near future. Nevertheless, users must remain cautious and follow security guidelines to protect themselves from these growing threats.