14 DAY TRIAL // A total of 85 Android apps were removed from the Google Play Store after it was discovered they were compromised with malware capable of stealing social network passwords from users’ devices.
Ironically, the compromised apps were discovered by Kaspersky, whose software was recently banned in the United States over alleged ties with Kremlin, and the malware was targeting users of Russian-based social network VK.
The more worrying side of the story is that the apps have been available for download for a long time, and one of them recorded more than 1 million downloads on the Google Play Store.
Called “Mr President Rump,” this app was a game that was published in March this year and its download count skyrocketed in the summer. Other apps have been in the Store for nearly two years, with their installations ranging between 1,000 and 100,000.
The infected apps came with an option to authenticate on VK for various purposes, asking users to provide their usernames and passwords. Typically, games include Facebook or social network functionality for extra features, such as sharing high scores or gaining premium content.
Change your passwords
Kaspersky security researcher Roman Unuchek says malware writers most likely wanted to use the stolen VK credentials to boost the number of members of groups or posts.
“These cybercriminals were publishing their malicious apps on Google Play store for more than two years so they had to modify their code to bypass detection. We think that cybercriminals use stolen credentials mostly for promoting groups in VK.com. They silently add users to promote various groups and increase their popularity by doing so,” he wrote.
The malware was said to be targeting devices with languages where VK is said to be a popular social network, including Russian, Ukrainian, Kazakh, Armenian, Azerbaijani, Belarusian, Kyrgyz, Romanian, Tajik, and Uzbek.
The apps have already been removed from the Google Play Store, and users who think their credentials might have been compromised are recommended to change passwords as soon as possible.