These apps are leaving malware all over your Android

These apps are leaving malware all over your Android
Grace Sweeney

Grace Sweeney

  • Updated:

Google recently released its annual Android security report, which covered 2018’s biggest malware trends.


The report found that there are a lot of scammy apps in the Play Store, with the amount of downloaded malware up 100% since the year before.

However, Google downplayed the findings, stating that the bulk of the PHAs (potentially harmful apps) available for download were click-fraud apps.

Yet, it’s hard to ignore the sheer volume of reports about the platform and the security risks lurking inside seemingly harmless apps. The malware program Trickbot was recently found in a large number of devices around tax season.

For Android, we found the worst offenders and the sheer number of downloads these malicious apps had:

Android malware list

The Android malware list just keeps getting longer, proving that Google’s filters need some work.

Here are the latest developments in Play Store malware news:

Aggressive adware

Avast’s cybersecurity team recently found roughly 50 apps in the Play store pretending to be “lifestyle” apps, but install malware on user devices in an effort to get as many clicks as possible.

HiFit app
One of the apps in question

According to the report, the SDK is easy to spot in the code. However, checking the code for signs of adware is not necessarily something most people know how to do.

If you’d like to see what adware looks like in action, here’s a short clip:

Check Point

Check Point researchers found a code called Simbad in just over 200 Android apps in the Google Play store. They found it had been downloaded a total of 150 million times.

Simbad is an adware code hidden inside a software development kit or SDK. It is designed to install adware on your phone without your knowledge, then displays ads.

Check Point infographic
Infographic courtesy of Check Point

The Check Point investigation found that apps containing the code made it look like the user was clicking on ads repeatedly. The fraudulent clicks are an effort to generate ad revenue, and the activity takes place without the user’s knowledge.

According to Bullguard’s security blog, these are the top 10 downloads from this batch:

  • Snow Heavy Excavator Simulator – 10 million downloads
  • Hoverboard Racing – 5 million downloads
  • Real Tractor Farming Simulator – 5 million downloads
  • Ambulance Rescue Driving – 5 million downloads
  • Heavy Mountain Bus Simulator 2018 – 5 million downloads
  • Fire Truck Emergency Driver – 5 million downloads
  • Farming Tractor Real Harvest Simulator – 5 million downloads
  • Car Parking Challenge – 5 million download
  • Speed Boat Jet Ski Racing – 5 million downloads
  • Water Surfing Car Stunt – 5 million downloads

You can read the full list here. It might be a good idea to check it out if you have a thing for games that let you drive anything from tractors to emergency services vehicles.


It was recently discovered that hackers hid government spyware in plain sight inside Android apps on the Play Store.

While the malicious decoy apps appear to be hidden in the Italian version of the store, this discovery shows that Google’s filters aren’t as airtight as they say.

Exodus in the Play Store

The government spyware, known as Exodus, could extract passwords, chat logs, contacts, and recordings from rooted phones. It also collects basic details about a phone.

It’s worth pointing out that Google patched a Linux exploit called DirtyCOW back in 2016 to block access.

This means any new or recently-updated phone is immune to the attack, provided you stick with the phone’s built-in security settings. It’s when you start messing around with the customization options that you get into trouble.


Gutstuff is a trojan targeting crypto investing apps. It is aiming for “mass infections and maximum profits.” How’s that for a corporate mission statement?

How Gutstuff works is through a good old-fashioned phishing attack by way of “web fakes.” Hackers set up apps that look like regular applications such as BitPay, Coinbase, and Bitcoin Wallet, as well as traditional banking institutions like Bank of America and Wells Fargo.

Infected users attempting to use one of the applications will be redirected to a fake page. From there, they’ll enter sensitive details so that hackers can steal from their accounts.

Signs that your Android has malware

Phone malware

Look, while Google says that most malware isn’t malicious, it can slow you down.

According to Norton Antivirus, malware is often programmed to perform repetitive tasks that use up your phone’s resources.

If you’ve been racing a lot of tractors or using third-party lifestyle apps, you might notice the following signs:

  • Your phone is slower than usual
  • The battery drains faster than normal
  • You’re seeing more pop-up ads
  • You’re going over data limits
  • You’ve noticed apps on your phone that you don’t remember downloading

If you notice malware on your phone, turn your phone on safe mode and uninstall the apps in question. If you’re unsure whether your phone is protected, it might be worthwhile to look into a paid antivirus program from a reputable company. After all, many anti-virus apps are adware themselves.

Malwarebytes Download now ►

Do I need antivirus for Android?

AVG android

No, but you do need to be careful.

A report from AV-Comparatives found that most Android antivirus apps don’t do anything but take up space. The reason they can get away with this is most malware isn’t a full-on attack. They instead trigger the little stuff like apps that generate pop-ups or collect information about your personal habits.

AVG AntiVirus Free Download now ►

Given that most malware apps are a racket, you’ll need to get smart about your security settings and what you choose to download.

Most items in the Google Play Store are vetted by Google’s review system. Most of what slips through the cracks are data harvesting apps or some kind of advertising scam, as we’ve mentioned above.

If you want to avoid these apps, keep your wits about you. If something sounds too good to be true or possibly malicious, it probably is.

Grace Sweeney

Grace Sweeney

Grace is a painter turned freelance writer who specializes in blogging, content strategy, and sales copy. She primarily lends her skills to SaaS, tech, and digital marketing companies.

Latest from Grace Sweeney