Cybersecurity experts warn Android users about malicious apps on Google Play
Cybersecurity experts warn Android users about malicious apps on Google Play
Publish Date: 2026-02-04 23:07:00
Source Domain: kutv.com
Using an unordered list, summarize the following article with between 4 and 8 key points. SALT LAKE CITY (KUTV) — Cybersecurity experts are warning people with Android phones and devices about malicious apps on Google Play that can slow devices, drain batteries, and expose personal data without users realizing it.The apps, disguised as free tools, have been downloaded millions of times, according to Dave Meister of Check Point Software. “We’ve been tracking an ongoing campaign for a number of months now, something that we’re calling ‘Ghost Ad’.”While he said he was unable to name specific apps, Check Point’s blog describes them as “utility and emoji-editing tools” and includes images of some of the applications. Meister said his team found the apps were operating silently in the background, often without users noticing any immediate signs of suspicious activity.MORE | CybersecurityAccording to Check Point researchers, the apps continued running even after users closed them or restarted their devices by abusing legitimate Android features. The apps displayed blank or persistent notifications and repeatedly restarted advertising activity in the background, draining battery life, consuming data, and slowing phones, while making the apps difficult for average users to remove.The risk extends beyond device performance issues.“It opens up vulnerabilities to be able to exfiltrate data from your device. So personal identifiable information, photos, if you’re using, accessing work information or critical documents on your phone, they can also be put at risk,” Meister said.At its peak, researchers identified about 15 malicious apps, some of which ranked among the most downloaded tools on Google Play.“One of them, and this is very concerning, even got to number two when it came to the top three tools on the Google Store. So not only was there a number of different applications taking this approach, but some of them were some of the highest ranked,” Meister said.Experts say the apps were able to spread because publishing on Google Play is relatively easy.“In this day and age, particularly with the advent of artificial intelligence of AI, being able to create an application has never been easier,” Meister said.Brandon Amacher, director of Utah Valley University’s Emerging Tech Policy Lab, added further context to the overall issue. He said Android’s open platform allows greater leniency for developers.“Historically, Android has had a much more open platform,” Amacher said.He said that because of the open platform, the screening processes do not always detect malicious behavior, especially when apps initially appear legitimate.“Those processes are not perfect in that those initial scans don’t always catch everything, especially a campaign like this, which takes advantage of legitimate processes within your phone,” Amacher said.Amacher said some apps are modified after approval to carry out malicious activity.“The problem is that these applications then later on can be modified by the developer via updates or via remote code implementation, which then changes the application in kind from what it initially was when it was uploaded,” Amacher said.“It’s like, okay, well, we got past the bouncer at the club, and now we’re going to change our behavior,” he added.Check Point advises users to avoid apps with vague names or excessive permissions, review user feedback, and watch for persistent blank notifications.If an app appears suspicious, experts recommend uninstalling it, clearing its data, reporting it to the app store, and reviewing existing apps to revoke unnecessary permissions, such as access to photos or microphones.Experts warn users not to assume top-rated apps are safe.“It sounds like Google did ban some of these apps, but is the threat still there?” 2News asked.“Absolutely. Most of the applications have been removed. We’re aware of one or two that still do exist. But because these malicious actors did have success with these applications, you can expect that there’ll be more that’ll come up in the future,” Meister said._____
