The downloader malware dubbed Android.DownLoader.819.origin malware found on Google play downloaded by more than 51,100 Android users.
The downloader malware is capable of installing other malicious applications on the affected devices and launches them.
Doctor Web security researchers found 14 copies of the malicious application distributed by Quoac developer disguised as games.
The Android.DownLoader.819.origin is a modified version of Android.DownLoader.818.origin which distributed as VPN client.
Once the application is triggered it requests for the read and writes access to SD card and then it forces the users to assign it as one of the mobile device administrators.
If the permission is provided then the malicious app hide’s itself on the device and removes the icon from the screen menu and can be found only in the installed programs list.
Without granting all the permission it is not possible to launch the game app, once the app launched it connects with the remote server and downloads the APK and forces the user to install the malicious app.
It continues to show the installation popup for every 20 seconds until the user accepts to install, the installer is the Android.HiddenAds.728 malware which displays the ads on the infected device every time when the screen is active.
Doctor web researchers sent the report to Google play and the malicious apps were removed from the Google play now.