Saturday, June 14, 2025
HomeCyber Security NewsAndroid Trojan On the Google Play Store With Over 500,000 Installs Steals...

Android Trojan On the Google Play Store With Over 500,000 Installs Steals from Notifications

Published on

SIEM as a Service

Follow Us on Google News

On the Google Play Store, the cybersecurity analysts at Dr.Web have recently witnessed a major tip in trojan infiltration. Not only that even they have also detected one application that has more than 500,000 installs and steals users’ data from the notifications.

The threat actors use these malicious applications that belong to a family of trojan malware to perform several malicious tasks like:-

  • Scams
  • Data theft
  • Financial losses
  • Loss of sensitive personal information

Trojans Tracked

Here below we have mentioned all the trojans tracked by the cybersecurity experts at Dr.Web:-

- Advertisement - Google News
  • Android.Spy.4498
  • Android.HiddenAds.3018
  • Android.HiddenAds.624.origin
  • Android.MobiDash.6922
  • Android.MobiDash.6929
  • Program.FakeAntiVirus.1
  • Program.SecretVideoRecorder.1.origin
  • Program.KeyStroke.3
  • Program.WapSniff.1.origin
  • Program.FreeAndroidSpy.1.origin
  • Tool.SilentInstaller.14.origin
  • Tool.SilentInstaller.6.origin
  • Tool.SilentInstaller.13.origin
  • Tool.SilentInstaller.7.origin
  • Tool.Loic.1.origin
  • Adware.AdPush.36.origin
  • Adware.SspSdk.1.origin
  • Adware.Myteam.2.origin
  • Adware.Adpush.16510
  • Adware.Adpush.6547

Fake WhatsApp mods

Among the detected Trojan malware, Android.Spy.4498 trojan is the one that is traced with high activity on the Google Play Store. The Android.Spy.4498 trojan is the unofficial modifications (mods) of WhatsApp messenger such as:-

  • GBWhatsApp
  • OBWhatsApp
  • WhatsApp Plus

The threat actors are spreading these fake malicious WhatsApp mods through several mediums like:-

  • Social media posts
  • Forums
  • SEO poisoning

Moreover, it has been also detected that all these above-mentioned malicious mods offer multiple utility features, and here they are:-

  • Arabic language support
  • Home screen widgets
  • Separate bottom bar
  • Hide status options
  • Call blocking
  • Auto-save received media

Other trojans on the Play Store

Along with this trojan, multiple numbers of trojan malware were detected on the Play Store by the experts of Dr.Web security firm. On the Google Play Store, the attackers are spreading threats under the hood of multiple genuine-looking applications.

Types of applications scattered by the threat actors on Google Play Store:-

  • Cryptocurrency management apps
  • Social benefit aid tools
  • Gazprom investment clones
  • Photo editors
  • A launcher themed after iOS 15

For diverting the stolen money from the victim’s account to the scammer’s bank account, the attacker tricks the user to deposit money for trading in the fake investment apps.

While in the case of other applications, the attackers trick the users into signing up for the costly subscriptions to steal their money.

Here the threat actors abuse the Flurry stat service to seize the notifications from the Google Play Store and the Samsung Galaxy Store apps.

Recommendations

For mitigations, the cybersecurity researchers have recommended:-

  • Avoid downloading APK’s from unknown sources.
  • Always check user reviews before downloading any applications.
  • Be cautious about the permission requested by the apps during the installation.
  • Always monitor the battery and internet data consumption.
  • Make sure to enable the Google Play Protect. 
  • Always use a robust mobile security tool.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...