Criminals inject malware into 20,000 Android apps outside the Play Store

Security firm Lookout has found 20,000 examples of popular apps on download sites and in download stores outside the Google Play Store that contain malware. Play Store users need not worry about these practices.

The ‘repackaged’ apps are applications like Candy Crush, Twitter and WhatsApp, and they are fully functional. However, the versions on download sites and in third-party download stores contain malware, according to the security company. This malware can gain root access and then embed itself as a system app, making them difficult to remove.

Lookout does not name any download stores affected by this, but the security company emphasizes that such apps cannot be found in the Play Store. All kinds of apps are in between, but virus scanners for Android are not. Lookout infers that the creators of such malware have a careful plan. It often involves adware.

The malicious agents who do this disassemble the apps’ apk file and then add their own code for gaining root access and displaying ads. Then they repackage the file and upload it to sites and download stores. Since major developers often only publish on the Play Store, the official app is usually not found in alternative download stores. Therefore, users of those stores often use the only option to install a popular app and download the unofficial version.

While there is a lot of malware for Android, virtually all malware can only be found on shady download sites and third-party download stores. As a result, the risk for many users in the Benelux, who almost always download all apps from the pre-installed Play Store, is minimal.