Beware! 100 mn phones have these DANGEROUS Google Play Store apps; Check list and DELETE

470 scamware on Google Play Store apps have surfaced that are so dangerous! Check if your phone has them; know how to stop them.

| Updated on: Aug 21 2022, 23:47 IST
These dangerous Google Play Store apps have been downloaded over 100 million times by users on their phones. Delete them now. (Pixabay)
These dangerous Google Play Store apps have been downloaded over 100 million times by users on their phones. Delete them now. (Pixabay)

In one of the biggest ‘fleeceware' campaigns in recent years, 470 malicious Google Play Store apps have been uncovered that are stealing millions of dollars from users all across the globe. The campaign began about two years ago, when these Android apps were first added to Google Play Store. Since then, the Play Store apps have been cumulatively downloaded more than 105 million times! These dangerous apps can be on your Android smartphone right now and could be stealing your money without you even knowing. Read on to know more about these dangerous apps that steal and how to get rid of them. Notably, these dangerous scamware on Google Play Store apps list have to be removed by users from their phones. These apps have stolen hundreds of millions of dollars.

The report on these Google Play Store apps comes from Dallas-based mobile security company Zimperium. Posting on their blog, the researchers have named this campaign ‘Dark Herring'. What makes these apps on the list dangerous is that unlike most malicious apps that can be easily found out as they have no functionality, these apps work as advertised and make it extremely difficult for a user to identify if the app is a scamware at all.

The Dark Herring campaign

These 470 Android apps were listed across categories on Google Play Store and were majorly part of games, entertainment, productivity tools, photo editing apps etc., according to Zimperium's report. While these apps functioned normally, they would also send users to fraudulent websites. These websites, as part of the campaign, were also disguised to look genuine. The websites were also designed in a way that they would customize themselves to the user's language and country. The pages simply asked the users to enter their phone number for verification purposes. What was really happening was the scammers were signing users up for a recurring monthly charge of Rs. 1100 ($15).

But interestingly, these apps did not charge the user's bank account or Google Play Store wallet as these came with additional layers of security and the scammers would get instantly caught. Instead, the apps directly charged the mobile balance account and stole money from there. For ease of understanding, it would appear similar to subscribing to a value added service on a network carrier. The mobile balance would be deducted and the user would have no way of connecting it with the apps.

Zimperium called it one of the most extensive and successful malware campaigns by the magnitude of the number of Android apps that existed. “The total amount of money scammed out of unsuspecting users could once again be well into the hundreds of millions of dollars,” the report read.

These apps have been removed from Google Play Store so there is no further risk of installing them. However, if you frequent third-party app marketplaces, you may still be at risk of downloading these apps. The more important thing at this point is that, although support for these apps have been discontinued by Google, these apps are still functional and could be siphoning money from the user's mobile account simply because you have not deleted them.

First thing you need to do is to go to this link here and check out the entire list of scamming Android apps. However, it will be difficult to find out if you have any of these apps from a list of 470. Follow the following steps to find out if you have any of these fleeceware apps and how to uninstall them.

How to get rid of these malicious Android apps

Step 1:

Open the list on a desktop or laptop and type CTRL + F to open a search window. 

Step 2:

Type the name of any app installed on your device that you are not sure about. You can ignore apps like WhatsApp, Hotstar, Netflix, Instagram, Facebook or any other apps which are well known. 

Step 3:

Even if you get a match, do not uninstall it right away. Some of these scamwares are using names of genuine apps to confuse users. 

Step 4:

On the list, you can see a column that says ‘Package name’. The column has a string of text beginning with ‘com’. This is a unique ID for any app and mostly is part of any Google Play Store application’s URL. 

Step 5:

Copy paste this URL on your web browser: and then go to the list and copy the package name of the matching malicious app. Paste it after the URL given above and hit enter.

Step 6:

If you are redirected to a normal webpage with the app’s name and description, then you are safe. The app is not involved in any malicious activity.

Step 7:

However, if you are redirected to a blank page, then immediately uninstall the app

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 28 Jan, 19:06 IST