TG Soft Cyber Security Specialist - Vir.IT eXplorer: AntiVirus, AntiSpyware, AntiMalware, AntiRansomware and Crypto-Malware protection

13/01/2014 18:49:39 - How safe is Google Play Store, really?


The CRAM (Anti-Malware Research Center of TG Soft) team has carried out a small study of Google's Android app distribution platform.

In order to perform a real-world protection test, we decided to connect to Google Play Store and download some of the most popular apps on the market. We downloaded a total of 500 apps, of which 9 were found to be malicious. According to these numbers, then, 1.8% of the apps on Google Play are actually malicious.
Of course, this study should definitely not be considered complete. Indeed, the dataset studied is rather too small to assess the overall safety of Google Play Store. However, it can give a rough idea.

| App | Downloads | Malware |
|---|---|---|
| Talking Tom & Ben News Free | 10.000.000-50.000.000 | Adware.Youmi |
| Tom ama Angela | 10.000.000-50.000.000 | Adware.Youmi |
| FIFA 2014 - The Soccer Game | 500.000-1.000.000 | Adware.Airpush |
| File Manager Pro | 100.000-500.000 | Adware.Airpush |
| Sketch Pad | 50.000-100.000 | Adware.Plankton |
| Naked Scanner Magic | 10.000-50.000 | Adware.Airpush |
| Real Basketball | 10.000-50.000 | Trojan.FakeMarket |
| Cricket 2014 | 1.000-5.000 | Adware.Airpush |
| Mp3 Cutter - Ringtone Maker | 1.000-5.000 | Adware.Airpush |

In particular, 8 of the malicious apps discovered are adware, which just displays annoying, often misleading advertisements and is detected by most commercial Android anti-virus solutions. However, one of them (i.e. "Real Basketball") is a zero-day, or next-generation, malware that is not yet detected by any of the commercial anti-virus solutions. This is a Trojan which pretends to be nothing less than Google Play itself (which is quite funny, since it is distributed on the real Google Play Store)!

On the Google Play Store, the Trojanized app presents itself as a basketball video game.
However, when you download it, the Trojan is installed as "Google Play".
If we launch it, the malware will open the Google Play Store page of Facebook. However, in the background, it will start connecting to several web pages without the user's knowledge. Some of these websites are:
In particular, the URLs of these websites are of the form: [...]&siteid=[...]&spaceid=[...]&mdoc=[...]
where pid, siteid and spaceid are different IDs, while mdoc contains the actual URL that will be opened, such as:
It is very likely that the Trojan uses this technique to earn money by imitating the user's "clicks" on various ads. This cyber attack is known as click fraud.
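
One way to spot this request pattern in the traffic an app generates during analysis, as an added example that is not part of the original article. Only the parameter names pid, siteid, spaceid and mdoc come from the text; the hosts, values, function names and the assumption that mdoc is percent-encoded are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the article; everything else here is assumed.
REQUIRED = ("pid", "siteid", "spaceid", "mdoc")

# Constructed sample of URLs requested by one app during a dynamic-analysis run.
# Hosts and values are made up (reserved .example names).
SAMPLE_REQUESTS = [
    "http://ads.tracker.example/c?pid=17&siteid=204&spaceid=9&mdoc=http%3A%2F%2Fshop.example%2Foffer%3Fid%3D5",
    "http://ads.tracker.example/c?pid=17&siteid=204&spaceid=11&mdoc=http%3A%2F%2Fgames.example%2Fpromo",
    "http://cdn.example/img/logo.png?pid=3",
    "http://ads.tracker.example/c?pid=17&siteid=204&spaceid=9&mdoc=not-a-url",
    "https://play.example/store/apps/details?id=com.example.social",
]


def match_click_redirect(url):
    """Return details if the URL carries all four parameters and mdoc
    decodes to an http(s) URL; otherwise return None."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    if not all(name in query for name in REQUIRED):
        return None
    target = urlsplit(query["mdoc"][0])
    if target.scheme not in ("http", "https") or not target.netloc:
        return None  # mdoc present but not a landing URL
    return {
        "tracker": parts.netloc,
        "siteid": query["siteid"][0],
        "spaceid": query["spaceid"][0],
        "target": query["mdoc"][0],
        "target_host": target.netloc,
    }


def summarize(urls):
    """Group matching requests by tracker host and collect the landing hosts."""
    summary = {}
    for url in urls:
        hit = match_click_redirect(url)
        if hit:
            entry = summary.setdefault(hit["tracker"], {"hits": 0, "targets": set()})
            entry["hits"] += 1
            entry["targets"].add(hit["target_host"])
    return summary


if __name__ == "__main__":
    for tracker, info in summarize(SAMPLE_REQUESTS).items():
        print(tracker, info["hits"], sorted(info["targets"]))
```

Many such requests to one tracker host, fanning out to unrelated landing hosts while the user has not touched the screen, is the signal worth escalating.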

All the apps have been reported to Google. Hopefully, Google will proceed to remove this malware from the market soon.

Paolo Rovelli
Mobile Developer & Malware Analyst
CRAM (Anti-Malware Research Center) by TG Soft S.a.s.

Any information published on our website can be used and posted on other websites, blogs, forums, Facebook and/or in any other form, both on paper and electronically, so long as the source is always cited explicitly: "Fonte: C.R.A.M. by TG Soft"