Users beware: Malicious apps found in Google Play Store
Home 5 Blog 5 Users beware: Malicious apps found in Google Play Store

Many people are lax about their mobile security, downloading apps left and right with no worry about the consequences, since these apps should have been regulated by the publishers. Yet as managed IT service providers know, users in Sydney and all over the world should still be vigilant when it comes to downloading apps.

How so? A recent investigation revealed that password-stealing apps are abundant in the Play Store. As of writing, there were 84 infected applications, with one of them being downloaded millions of times. Many of the apps piggybacked on, a popular Russian-based social networking site. The malicious apps were submitted as clean applications from March to October 2017. After being published however, the developers would change the code during updates to incorporate malware-laden Javascript lines.

Experts from IT services know that this kind of behaviour is common among cybercriminals. After initially submitting a clean application, they would change the code after a few months to evade detection.

To cull their users’ information, they would use the login page of, which uses an official SDK for However, their applications have a Javascript code that steals the users’ credentials and deposits the information to a server controlled by the cybercriminals.

The investigators note that seven of the infected apps were downloaded 10,000 to 100,000 times, while nine apps were downloaded between 1,000 to 10,000 times. The rest had fewer than 1,000 downloads.

How to protect yourself

Google has already launched a bug bounty program as well as has restricted Android accessibility services to apps that wanted to tap it. To further protect users, Android users should download Google Play Protect. This new security feature utilizes app usage and machine learning analysis to uninstall malicious apps from the machine. Users will then be notified of the change.

Cybercriminals are becoming bolder and bolder in their approach to compromise users’ data. They are becoming ever more desperate during the Holiday season. To ensure that you and your data are protected, you have to enlist the services of a reputable managed IT service provider such as IntelliTek.

IntelliTek is one of the leading cyber security firms in Australia. We offer comprehensive services that can protect both your business and your home, as well as safeguard your mobile devices such as your mobile phone and your laptops. After all, one stolen data can be enough of a smoking gun to compromise your company – so never allow yourself to be put on that position by enlisting of our services today.


About IntelliTeK Pty Ltd

IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007. 

IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at, fill out the web form, or have a Live Chat with us below.

Book A Consult

We can accommodate a solution for your needs, to discuss your options please contact us today.

Ph: 1300 768 779