A number of Google Play Store apps have been stealing private user data since 2016 right under Google’s nose. The report comes from Kaspersky Labs which has revealed that the infected applications had a special type of malware.
This malware is known as the PhantomLance Trojan backdoor and the detailed report describes it as a sophisticated type of malware that is not only harder to detect but even harder to investigate. It can get access to almost all personal data on a smartphone including location, call logs, text messages, lists of installed apps, and much more.
This malware was found in popular apps on the Play Store such as cleaner apps, ad removing apps, font changing apps, etc. The developers of these apps were able to bypass Google’s security by uploading a clean version of these apps at first and then uploading the malware later on. These were left unchecked by Google.
Vietnam has been the primary target but a handful of other regions have been infected by this trojan too. This trojan has been linked to a group called OceanLotus, which has been involved in a history of similar attacks on other operating systems as well. This group is often backed by high stake officials and even governments.
Google has already removed the infected applications in question but this puts into perspective just how unsafe even the most popular application sources can be.