Google Play Store removes 331 malicious apps with 60 million downloads for stealing user data | Technology News

Google Play Store is the largest and most widely used app store on Android devices for a good reason. But security researchers recently identified around 331 malicious apps that bypassed Android 13’s security features.
The operation, named “Vapor”, was first uncovered by IAS Threat Lab in early 2024. It found that 180 apps available on the Google Play Store had sent more than 200 million fake ad requests. The number was later increased to 331 by the security firm Bitdefender, which warned that these apps “display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.”
Apps that were part of the Vapor operation could also hide themselves, with some even capable of renaming themselves in Settings to mimic legitimate apps like Google Voice. As it turns out, these malicious apps were able to launch themselves in the background without any user input and hide from the Recent Tasks menu.
Some of them even displayed full-screen ads and disabled Android’s back button or gesture. What’s more dangerous is that some of them displayed fake login pages for websites like Facebook and YouTube and even asked for credit card information.
In a statement to Bleeping Computer, a Google spokesperson said that “all of the identified apps from this report have been removed from Google Play.”
Some of these apps also renamed themselves to legitimate applications and even replicated the icon. (Image Source: Bitdefender)
How were these apps able to bypass Google’s security mechanisms?
Bitdefender added that, in some cases, these apps offered some sort of functionality, which is how they were published on the Google Play Store. Later on, the threat actors behind the operation added malicious functionality that allowed the apps to display full-screen ads and start in the background without user interaction. As it turns out, some of them even tried to collect user data like credit card numbers and passwords.
Some of these apps displayed full-screen ads and disabled the back gesture or button. (Image Source: Bitdefender)
According to security researchers, these apps disguised themselves as simple utilities like expense tracking apps, health apps, wallpaper apps, and QR scanners. Some of these include AquaTracker, ClickSave Downloader, Scan Hawk, Water Time Tracker and Be More, and TranslateScan, with each having more than 1 million downloads.
And while they were published on the Play Store from different developer accounts, each publisher had only a handful of apps to avoid suspicion. Bitdefender claims that these apps were mostly uploaded on the Play Store between October 2024 and January 2025, with some developers publishing apps till March.
© IE Online Media Services Pvt Ltd