The Google Play store is riddled with exploits that allow hackers to steal users’ data and then inject malicious code into the devices.
But if you’re one of the millions of Android users who have been hit by an exploit, the time you need to get into the hunt is now.
Google’s Play store has been inundated with malware attacks that can turn your device into a cyber-attack machine, according to security researchers.
More than half a million of the more than 40,000 vulnerabilities in the app’s code have been exploited.
“It’s very scary,” said Matt Ritter, a researcher with the security firm FireEye, in an interview with The Register.
“You don’t know what your data is exposed to.”
One of the most common methods of exploiting vulnerabilities in Play’s code is to exploit the Android system’s native malware.
“This malware doesn’t have to be written for Android or any other Android platform,” he said.
“The malware you’re going to see here is designed for Windows, it’s designed for MacOS, it doesn’t even need to run on Android.”
There are also a number of apps that are designed specifically to exploit vulnerabilities in Google Play’s app code, said Ritter.
“They’re probably the most widespread ones,” he added.
The latest Google Play exploit has a range of names, including APT2 and the Pwnage, which were discovered by security researchers in January.
Ritter said these types of exploits are not uncommon.
“A lot of people have probably run these apps before, they’re just used more now, so it’s definitely a growing problem,” he told The Register, adding that it was more common for malware to use a third-party app than its own.
One of Ritter’s favourite exploits, Pwnie, is designed to exploit a vulnerability in the Android OS version of the popular Windows program Wordpad.
It allows the user to send emails to the account, then inject a Trojan horse into the email, sending it to the attacker’s server.
Other apps, like Android Spy, a popular malware tool for Windows and Mac, also have a backdoor embedded in their code.
Ritter said there was no clear evidence that this backdoor was used in Play.
“We’ve seen a lot of exploits with malicious code that actually infects the system and installs a trojan that installs itself,” he explained.
“So there’s a lot more than just one attack being used by Google Play.”
A recent blog post by a security researcher, Christopher Soghoian, suggested Google Play was also being targeted by malware.
“[Google Play] has a lot to do with the malware that’s going around, because there’s this Android malware and Android apps that use Google Play as a base,” he wrote.
“What we’re seeing is a proliferation of exploits in Play, and these exploits are targeting Play’s native code.”
Ritter says he was aware of at least one Android exploit that was targeting Google Play and other app developers.
“There’s a bunch of other Android exploits that use the same base and have the same name, and that’s not a surprise,” he replied.
“If you’re using an Android device, you’re probably using a lot [of Android] apps.”
Ritter has written about Google Play vulnerabilities before, including one in March that exposed a vulnerability that allowed the malware to bypass antivirus filters.
“As far as I can tell, Google Play doesn’t do much to enforce this [vulnerability] because it’s so widely used,” he argued.
“I think Google Play should be much stricter about enforcing this kind of thing.
Google has a huge incentive to do that.”
What’s behind the recent Google Play vulnerability?
“Google Play is a massive ecosystem.
It’s the backbone of all of these platforms,” said Ritter.
“Every major operating system has its own Play store, and there are tens of millions of apps, and it’s incredibly easy to find.”
It’s not just Android that has been targeted.
“Google is the major developer of Android.
It has the biggest app store in the world,” he continued.
“And if you look at what Android is, you’ll find that they have an incredibly large number of exploits, and they are being used in all of the major Android apps.”
The fact that Google Play stores Android apps in a database, and even has a ‘Google Play Store’ website, means that many of these exploits will be available to the malicious user.
“When you find these exploits, you can download them and run them on a device and it will run those exploits,” he noted.
“But if you have malicious intent, that’s the same as running a trojan’s payload in a device.”
It is also possible that Google is just using its app store to store exploits that are already on the market.
“My gut is that Google doesn’t use any exploits to release these apps, they just make them