From Fitness To QR Scanners -- Malicious Apps Get 300K+ Downloads On Google Play

Published: January 07, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



Just when we hoped it was safe to download apps from Google Play Store again, there’s news of malicious apps hiding there in plain sight. Despite additional app security restrictions by Play Store earlier this year, over 300,000 app fans unknowingly gave these malicious scoundrels a new home on their Android smartphones.


Four malware families successfully escaped Google Play security, spreading their malware droppers in everything from fitness apps to QR scanners. Play Store has since removed the infected apps, but the concern is “Are there more we don’t yet know about?” What we do know is vigilance by app users can help save their smartphone from malware madness.


Some of the infected utility apps include: Gym and Fitness Trainer, CryptoTracker, PDF Document Scanner Free, Two-Factor Authenticator, and QR Scanner. Although they seem harmless, that’s what these threat actors counted on for success. Gym and Fitness Trainer would get more downloads this time of year, and QR Scanners are everywhere you look including on your TV screen. QR scanners are increasingly being used in our cyber-culture from getting food menus to more information on products and services.



App Downloading: What To Do, What Not To Do


Keeping devices safer from malicious apps is once again left in the hands of users, and an informed user is still the best antidote for avoiding the app malware. Below is great advice to help keep from downloading these infected apps to your device.

  • Never download apps from third party app stores, otherwise known as “sideloading.” These sites rarely, or less thoroughly, scan apps for viruses before making them available.

  • Do your homework and always read app reviews before downloading. Users post their experiences with apps both good and bad and it can be a huge heads-up for malware-laden apps.

  • Beware of apps with just a few, but glowing reviews. They’re a sign the app may be compromised, and the reviews are likely faked

  • Keep your mobile device operating system and other software updated. Updates typically have fixes for security bugs. Use trusted and updated antivirus solutions on all devices.

  • Pay attention to pop-up windows during download that ask for permission to data and device features not necessary for the app to run. When in doubt, deny it and see if the app works just fine. If not, you can change it.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

1 view0 comments