Researchers have spotted several apps on the Google Play Store with built-in adware and information-stealing malware.
These apps are spyware tools capable of stealing information from other apps’ notifications, mainly to capture one-time two-factor authentication (2FA) one-time passwords (OTP) and take over accounts.
Most of the apps containing the allegedly malicious code had been removed by the Play Store, but three remain online.
- PIP Pic Camera Photo Editor – over a million downloads that reportedly steal people’s Facebook credentials.
- Wild & Exotic Animal Wallpaper – an adware app that changed its name to SIM Tool Kit after installation that currently has 500,000 downloads
- Magnifier Flashlight – an adware app with 10,000 downloads.
The list also includes PIP Camera 2022 and ZodiHoroscope – Fortune Finder, both Facebook credential-stealing apps.
In May, Android.Spy.4498, which steals information from other apps’ notifications, was again the most common mobile threat. Advertisement trojans from the Android.HiddenAds family also remained among the most widespread Android threats. Their activity, on the contrary, increased slightly compared to April.
The report also highlighted the presence of new malicious applications emerging on Google Play.
Among them are fraudulent apps from Android.FakeApp family and Android.Subscription trojans that subscribe users to paid services. A new variant of trojans from Android.PWS.Facebook family was also revealed.