Google bans 13 apps that secretly download other malware

by: Kris CarlonJanuary 8, 2016


The Google Play Store can be a sketchy place, with less-than-honest app developers sneaking all manner of corrupt and malicious content into the Android market place. Occasionally even very popular apps get unmasked as malware, like 13 that have just been banned by Google, in the process revealing it was the malware itself that made them so popular.

nexus 5x first look aa (22 of 28)See also: Study finds 87% of Android devices are insecure due to lack of security updates73

The whole thing works like an organized crime ring. Fully functioning apps that seem, on the surface, to be innocuous secretly download other apps in the scam ring, artificially boosting their download numbers. Some even have the ability to leave positive reviews and ratings without the owner’s knowledge. As each new app is installed the cycle begins again.

Brain Test malware Google Play ratings

Others seek root privileges (without the owner knowing) with the intent of surviving a factory reset if the victim ever suspects something is amiss. As the Lookout Security researcher that uncovered the scam notes: “Specifically, it attempts to detect if a device is rooted, and if so, copies several files to the /system partition in an effort to ensure persistence, even after a complete factory reset.”

Sadly, this kind of underhanded approach isn’t even new, with several other “malware families” recently using a similar tactic. The scary part of these app families, known as Shedun, Shuanet and Shiftybug, is that they could auto-root a device in order to install themselves on the system partition. The only upshot is that these apps were found in third-party Android market places, not Google Play.

Android Lollipop Nexus 7 factory reset restoring

By contrast, the apps that have just been uncovered have managed to sneak the same malicious code into the Play Store itself, making them that much more sophisticated and dangerous. A part of the Brain Test family, these 13 apps had been installed on millions of devices and had excellent user reviews. As mentioned above though, these figures were manufactured by the malware itself.

best antivirus android appsSee also: 15 best antivirus Android apps and anti-malware Android apps234

If you’ve installed any of the following apps you might be affected, but Lookout assures users of its app that they are protected. Unfortunately, there isn’t a simple solution for removing the threat either. If the apps have gained root access, uninstalling them through the Android system or Play Store, or even factory resetting your device, might not have any impact.

  • Cake Blast
  • Jump Planet
  • Honey Comb
  • Crazy Block
  • Crazy Jelly
  • Tiny Puzzle
  • Ninja Hook
  • Piggy Jump
  • Just Fire
  • Eat Bubble
  • Hit Planet
  • Cake Tower
  • Drag Box

The only real solution is to install a root explorer and go fishing for any suspect files, but even then you’ll have to know what you’re looking for. The only sure-fire way to remove the threat is to re-flash a manufacturer ROM, a process beyond the reach of some Android users. There are plenty of guides on the process for individual devices, but if you’re at all concerned, it’s probably best to contact your manufacturer for assistance.

Do you use an antivirus app? Have you ever been affected by malware?


  • Bali Arif

    thank you google!

  • Craig Cook

    This is why some people talk crap about the Android platform. Because stuff like this can happen. I mean it’s great that Google found them and banned them, but a lot of damage has been done. And the victims have no idea. I’m pretty sure those that have installed these apps don’t read XDA…

    • PC_Tool

      “but a lot of damage has been done.”

      Download numbers have been artificially inflated by the apps themselves, and while a quick read of the article seems to imply these 13 apps can gain root on their own – they cannot. They could only try to access root on an already rooted device (FWIW, T-Mobile has an app that does this…).

      So “a lot” is hardly backed by anything remotely resembling facts. :-)

  • Siddhesh Dalvi

    All Cheetah Mobile apps should be next

    • Пешо Пешев


      • The Prophet

        because they are same shit that slows device down + unwanted ads, totally agree with this guy

        • Пешо Пешев

          Did I ask you? And maybe you are a fucking moron- “free app” ALWAYS means “unwanted ads”…

          • Nonoy Pinoy

            Then don’t post a question if you don’t want an answer asshole.

          • ASYOUTHIA

            ⬆ works for Cheetah Mobile

    • darktek

      Damn right! Some of Cheetah’s products tried to get root access on my device through vroot (now has a different name tho).

    • Falenone

      And almost all the flashlight apps

    • Jim

      Every 2 or 3 months I get suckered into trying one of their apps or even their launcher, and I instantly regret it.

    • Juragaan Bensin

      Cheetah Mobile’s Clean Master want access to microphone, take picture, see my contact and a bunch other things that this kind of apps should not have. I gave them 1 star review, and a bunch of my friends do too, and we’re all got an answer from their person that they need it for some bullshit

  • Modman

    They talk crap about the Android platform because they don’t research anything. it isn’t Google’s fault. if you can’t learn to read or do your own research join Hitler in apples walled garden. There are almost no options. an Android device can be reformatted just like a windows pc. if you can’t do your own troubleshooting, maybe Android is not the platform for you.

    • Guest123

      Or maybe this world isn’t for them. Everything will soon be connected and it’s best to know how to fix some stuff yourself than wait for the company to act on it sometimes.

    • Craig Cook

      I’m pretty sure the description in these apps don’t tell you that they install malware and root your phone. Also, you can’t expect Aunt Trudy to do this research you’re talking about. She want’s to play a game, she’s going to install the first one that appeals to her. I do in fact hold Google mostly responsible for this.

      • Modman

        News flash. Most people just play candy crush or minion run. The most popular apps haven’t been infected. And this is blown way out of proportion.

      • thereasoner

        “Specifically, it attempts to detect if a device is rooted, and if so, copies several files to the / system partition ”

        It doesn’t root your phone, it just has the ability to write code on a rooted phone. Aunt Trudy doesn’t root her phone or change her security settings. If she does then she should know that you take your chances when doing so.

        • Some can also root the phone. I have rooted some phones without going to a recovery.

  • Arman

    And that’s why i don’t play games on my phone. Most of the adware and malware are in games.

    • David Barajas

      Staying away from the freemium garbage will help a lot.

  • Arman

    The real question is do they get detected and caught by antivirus when installing.

    • zerocool

      google the apk, download and try.

      • Arman

        That’s actually a great idea!

    • thereasoner

      Lookout Antivirus , who discovered these apps, said that their service does detect them so I would imagine that the others do or will soon enough.

      • Arman

        Yes, I think having an Antivirus is a must nowadays.. Not sure why some people still don’t have it!

  • bass2style

    my only malware apps are Facebook and Facebook messenger. haha.

    • The Prophet

      which eats about 600mb ram (both, thanks god :D)

      • bass2style

        and same storage usage. cache-abuse… about 250mb Dalvik/ART Cache, etc… :(

  • Aaron

    Please also ban the crappy Facebook and Facebook Messenger apps that didn’t follow the material design guidelines. Snapchat too.

  • Justice Anthony

    where’s the list of apps?

  • Muhammad Abdullah

    How to enable Download APK option on Google Play Store?
    As shown in screen shots after Install button.

    • Great Dude

      By installing an extension on google chrome.

  • Teo Jia Rong

    What are the apps? Its not mentioned anywhere is it?

    • GoatsLegsUK

      At the end of the article, there’s a collection of bullet points: each gives the name of one of the apps… If you can’t be bothered to scroll up, here they are:

      Cake Blast
      Jump Planet
      Honey Comb
      Crazy Block
      Crazy Jelly

      Tiny Puzzle
      Ninja Hook
      Piggy Jump
      Just Fire

      Eat Bubble
      Hit Planet
      Cake Tower
      Drag Box

  • Big Steve

    S-off Sunshine app I heard it contain malware too

    • Justin Case

      They big steve, you want to back this statement up? I’m one of the sunshine developers, I have been fighting malware and security issues for years professionally. My name is all over SunShine, the trademark and copyrights have my name on them. Why the hell would I pack malware in SunShine? Seems like a good way to ruin a professional reputation, and end up in jail.

    • nihonjp

      It might be mentioned as malware due to its protection to not get tampered with isn’t a big risk that’s the issue. The reason why it’s might be mentioned as malware is because of it being a “hack” tool to unlock your bootloader.

  • Modman

    At least google took action. Apple just lies and tells its users it doesn’t get viruses. Which is a straight up lie.

    • AJ Edwards

      Apple does not do that. Quit lying yourself. When Apple has an issue they address it just like Google does. Grow up. Both the app stores are so freaking big now it is hard to monitor it 100%. Don’t get your feelings hurt just because Android had an issue.

      • Modman

        It has plenty of issues and plenty of solutions for those issues because everyone can contribute. It isn’t closed source. Has options apple will never have since apple is closed source. Has a phone in every size shape color to appeal to all different people. Has a phone for every budget. There is a little risk to that but the benefits outweigh the negative. Its the most widely used mobile platform so just like windows its a target.

  • How hard it is to ban Clean Master and her gazillion clones?! Those are the REAL malware delivery systems…

  • McLaren F1P1

    I still see Piggy Jump on play store!

  • Person Dude

    They should ban Verizon’s stupid DT Ignite app, the one that reinstalls Verizon bloatware on your phone if you delete it. Totally a scumbag app and always the first app I disable!

  • Modman

    Dude name more than 5 people who use more than just candy crush minion run or other popular games. How many people actually try just any old app. Yes I’ve heard wild stories about how apple is magic.

  • Damak9

    OK, so this basically means that no one checks the submitted developer apps before publishing? And that there is no approval process at all. Damn Google.

  • Devin Bresee

    Does anyone remember the mp3 downloader app with the heart widget that let you download full songs and had nyan cat as the downloading bar

    • Frank Bank

      yeah I remember it I’ll never forget that day I was about to download Sinead O’Connor’s nothing compares to you when all of a sudden my toilet blew up and my alerts are going off on my phone it was a sad day in the history of downloading for me anyways

      • Devin Bresee

        What Was The Name Of The App then

  • Frank Bank

    damn it I was just getting good at that eat bubble game I mean I was on the third level eating Bubbles and all of a sudden my phone caught fire bursting my bubble I’m so bubble down LOL I’m going to go get cake blasted