Google Play is Hit by Multi-stage Malware

A total of eight legitimate-looking apps have been discovered on Google Play that perform multiple steps of malicious activity. Fortunately, the eight apps have been removed from the store and only received a few hundred downloads apiece. 

These malware apps use a multi-step architecture and encryption, so their true identities remain hidden. Once they are downloaded, the apps do not request any unusual or confidential information. In fact, they perform exactly as users would expect them to.

The first step of this multi-step process is encrypting and executing its payload. This results in the second-step payload being stored in the assets of the initial app downloaded from Google Play. Both of these are completely hidden from the user.

The second step also carries a hard-coded URL, which it uses to download another malicious app by prompting the user to do so. This new malicious app will be disguised as popular software such as Adobe Flash Player, or will be given a legitimate-sounding name such as “Google Update.”

The fourth and final step's payload is a mobile banking Trojan. It will present the user with a fake login form in an attempt to steal credit card details or any other valuable information.


Unfortunately, these malicious apps have the ability to sneak into Google Play and other official app stores. The best way to avoid them is to be careful when downloading an unfamiliar app. Check the app's rating, comments, and reviews, and run a quality security solution on your mobile device.

To find out what security measures you can take to protect yourself, contact us today.
