One of these applications has been downloaded more than 100,000 times before being detected and removed. Google has not yet commented on the incident.
When you download an app from the Google Play Store to your device, most of us assume that Google has already moderated the app. Although Google is working very well on its regulations, with 3.5 million apps and still growing, some malicious apps are out of their hands.
And those apps use the processor on your smartphone to dig up electronic money. Kaspersky Lab researchers have discovered many Android apps on the Google Play Store that originally looked like game types, sports stream applications, and regular VPNs, but the true essence of the app is digging into hidden electronic money illegally.
Most applications that use the secret code to dig up electronic money are often related to the football theme. Kaspersky Lab found a Portuguese football stream application, with most users from Brazil, has been downloaded more than 100,000 times.
When the user views the ball, a JaveScript code will be triggered underground and start performing electronic money digging. The victim does not detect a sudden change in CPU performance because of the nature of the application that uses a lot of processor power.
More sophisticated, other applications monitor the performance of the CPU as well as the temperature to ensure that the code does not use too much of the processor resources to prevent users from being detected. After all, if your phone becomes overheated even if you do not do much, you will obviously feel suspicious.
CPUs on smartphones are not so strong compared to laptops or desktops, though, with so many Android phones today, bad guys can still make a profit from this unauthorized activity.
After detecting these fraudulent applications, Kaspersky Lab sent a notice to Google, asking them to remove them from the Google Play Store. However, Google has not yet issued any notice of the incident or said how they will change the policy to limit similar cases to occur in the future.
Google has previously announced that it will remove any extension related to electronic money digging on the Chrome Web Store. Maybe they will do the same for the Google Play Store after the findings of Kaspersky Lab report.