cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Hackers dump malicious code into Google Play apps

Hackers are launching malicious software through manipulated versions of popular Android apps, according to research by MalwareFox.

user icon Daniel Croft
Tue, 02 May 2023
Hackers dump malicious code into Google Play apps
expand image

It is a common misconception that as they both screen apps to ensure they meet terms and conditions before they get listed, official app marketplaces like the Apple App Store and Google Play Store are generally safe.

However, threat actors are now targeting Android users through the Play Store by downloading Android apps, changing them to include malicious code, and then re-uploading them with new names.

“The functionality indicated in the description of the apps may still be present; thus, users may not even be aware that a vulnerability exists,” adds MalwareFox.


Android’s massive user base and open-source programming make it a desirable target for threat actors, as the operating system and its apps are used by a large number of people worldwide and can be easily modified.

As MalwareFox points out, there is a wide variety of trojan malware ranging from spyware to ransomware in circulation on the Google Play Store.

ExoBot, for example, is a form of malware that imitates banking apps. Once on a device, ExoBot depicts itself as a legitimate banking app, awaiting a user to input credentials. Those credentials, along with other data, are then stolen and used in future for phishing attacks, among other crimes.

Another is Harly Trojan, a malware that collects user device data, including mobile network information. The “Harly family of Trojans” then contain that information within the app and employ a number of strategies to decode and launch the malware.

Harly Trojan has been deployed in a number of apps, according to MalwareFox, including “Amazing Wallpaper”, “Cool Emoji Editor and Sticker”, and “Hope Camera-Picture Record”.

A list of the top 10 Android malware varieties and the top 25 Android malware apps can be found on the MalwareFox website here. Anyone who has downloaded any of the affected apps is advised to remove it immediately and run antivirus software.

Only recently, hackers had been loading malicious software onto the Google Play Store using expensive loader programs that are purchased off of the dark web, according to a report from antivirus company Kaspersky.

Loader software allows hackers to “deliver a malicious or unwanted app to Google Play”. Software ranges between US$2,000 and US$20,000 (roughly $3,000 to $30,000).

To increase the impact of these apps, cyber criminals pay for Google ads to attract customers to these apps while increasing the façade of legitimacy.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.