When Google’s Android app store first opened, it took a several years before Google got ahold of the problem of shitty and/or outright malicious apps. But just when it seemed Google had the issue under control, here are the malicious apps again, including one that mimics Angry Birds to steal your personal info.
Google has removed at least 15 Android apps from its official Play market after receiving outside reports they were malicious trojans that siphoned names, telephone numbers of email addresses of every person in the phone’s contact list.
The apps, which were reported here by McAfee researcher Carlos Castillo, masqueraded as video players offering trailers of Android games and anime content. In the background and without warning, they also obtained the phone number and a unique identifier of the infected device and sent the information in clear text to a remote server under the control of the software developers. Statistics provided by Google Play (formerly the Android Market) indicated they had been downloaded at least 70,000 times, according to Castillo, who didn’t provide the name of the apps or the developers marketing them.
The discovery marks at least the second time Google servers have been caught distributing Android malware since the company announced a new cloud-based service that scours its online bazaars for malicious apps. Two weeks ago, a separate set of researchers found malicious extensions in the Google Chrome Web Store that could gain complete control of users’ Facebook profiles.
A Google spokesman declined to comment on Friday’s report from Castillo. Japanese researchers appear to have been the first to uncover the malicious apps, according to this translation from hatena.ne.jp.