It looks like Google is losing the battle against Android malware. The company hosted more than 205 malicious apps in the Play Store in July alone, which were downloaded a total of 32 million times in the last month alone.
The bulk of the suspicious software - 188 applications - contained hidden ads, amounting to 19,2 million installations. The remaining applications contained pay-per-view and adware scams, fake antivirus tools, adware, and software with built-in backdoors, according to data. disposed of ESET researcher Lukas Stefanko.
Interestingly, although there were only three paid subscription applications, they recorded one-third of all downloads with 12 million installations.
Hidden ads may not sound so bad, but Stefanko explains that it is a very aggressive adware.
At startup, these apps hide their icons from the home screen, and have no functionality other than showing full-screen ads to the user.
Stefanko examines malicious activity in the Play Store every month.
All of these apps and numbers are based on surveys, blog reports, and tweets posted in July 2019 by the infosec community.
Of course, this is not the first time that the Google Play Store has not been able to curb the spread of malware.
A few weeks ago a was published study from the University of Sydney who concluded that the Play Store is full of suspicious applications.
"We were able to find 2.040 potentially malicious files containing malware in a total of 49.608 applications that look like one of the top 10.000 popular applications in the Google Play store," the researchers said.
Although the company removed more than 700.000 malicious applications from Mountain View last year as part of its virus protection efforts with Play Protect, the malware is still finding its way to Android devices.
In 2017, AV-TEST reported that Google Play Playct itself successfully detected only 66% of suspicious applications in tests.
So although we often advise Android users not to download applications from third-party sources to avoid malware, unfortunately, it seems that attachment to the Play Store is not always secure.