Well, well, well. As if we planned it, the internet ecosystem has a wicked sense of humour. Just as we were stewing on Google’s big announcement about “raising the wall” to make the Android world a safer place, a spanner has been thrown into the works, and it’s a big one.
In perfect timing, The Register has delivered a story that makes Google’s new policy look a little… well, awkward. A security firm called Zscaler’s ThreatLabz has apparently found a whole heap of apps full of malware, 77 of them to be exact, that somehow managed to set up shop right inside the Google Play Store.
Yes, you read that correctly. These aren’t some sketchy APKs you find on a corner of the internet. These are apps that were sitting there, under Google’s watch, downloaded over 19 million times.
The malware in question isn’t your average, annoying-ad-pop-up type either. We’re talking about an upgraded version of something called the Anatsa banking trojan.
Think of it as a digital pickpocket that not only knows how to keylog your passwords but also intercepts your text messages to bypass security codes from your bank.
The report also found other familiar villains, like Joker, a malware that specialises in stealing your credentials.
This has to be the proper use of the word ‘Irony’
The irony here is unbelievable. Google says it’s introducing new rules to verify developers outside of the Play Store to create “accountability” and prevent the spread of malware.
And yet, this report shows that some of the most dangerous malware is already operating from what is supposed to be the safest place, the Play Store itself.
It’s a good reminder that security is never a settled matter. It’s an ongoing game of cat and mouse. Google can build a fortress, but if the bad guys have already found a way to tunnel in from the inside, a new gate on the outside isn’t going to solve the problem.
This isn’t to say Google’s efforts are pointless. Any step towards greater accountability is a good thing. But this news makes it clear that the most pressing security challenge might not be with the apps that are sideloaded, but with the ones that are already living in the Play Store itself.
It’s a humbling lesson for all of us, especially Google. The battle for digital security never stops, and we should never assume that any single solution is the final answer.
Oh, by the way, Google says they picked up on the flaws in the report and already protected against the malware before Zscaler’s report came out.
Leave a Reply