Sometimes Android users have to download murky apps from Google Play. By “murky” we mean unfamiliar apps, apps from small publishers, and so forth — not the likes of Evernote, Dropbox, banking apps, or other popular programs. It might be a specialized engineering calculator, for example, or an alternative music player.
Many such apps exist in the Google Play store — thousands of them, in fact. And choosing isn’t easy. Seasoned Android users recommend going with the apps that have been downloaded the most times, the highest-rated apps, or the apps reviewed by the most people. It seems to make perfect sense.
The Check Point mobile threat prevention research team discovered a new Android malware on Google Play, called “DressCode,” which was embedded into more than 40 apps, and found in more than 400 additional apps on third party app stores.
Check Point notified Google about the malicious apps, and some have already been removed from Google Play. The oldest apps were uploaded to Google Play in April 2016, where they remained undetected until recently. Some of the apps reached between 100,000 and 500,000 downloads each. Between 500,000 and 2,000,000 users downloaded the malicious apps from Google Play.
Prisma, the app that became a global sensation with its ability to turn your photos into works of art, has become a honeypot for cybercriminals, with fake versions appearing in app stores vying to steal your personal information.
Capitalising on the popularity of the transformation app, several fake versions loaded with sly tricks such as fake surveys to capture users' data, as well as dangerous Trojan downloaders, snuck onto the Google Play Store. According to a blog by ESET, who discovered these fake apps among the five Trojan downloaders on Google Play, two have phishing functionality implemented that could probably be executed via the downloaded module.
Google has removed an Android app from the Play Store after security researchers from Symantec noticed the application was secretly scanning and stealing personal photos and videos from users' devices.
The app is HTML Source Code Viewer, and it was developed by a developer named Sunuba Gaming. At the time Google removed it, the application had between 1,000 and 5,000 installs. The app's moniker is self-explanatory, and it allowed users to view the source code of a Web page. Users only had to enter a URL, and the application retrieved that site's source code and printed it on the screen. According to Symantec, the app did a little more than that.
Five apps on Google Play carry Viking Horde, a new malware family that ropes Android devices into an ad-clicking botnet, but can also make them send out spam, send SMS messages to premium-rate numbers, download additional apps, and even participate in DDoS attacks.
The discovery was made by Check Point researchers, and they notified Google about it on May 5, but as I’m writing this, the apps are still available on Android’s official app store. The most popular of these is Viking Jump, which was installed by at least 50,000 users, despite the poor ratings and reviews that point to its questionable nature.
Security researchers have discovered 104 Android apps that exhibit a combination of adware and spyware features, collecting information on users in order to deliver malware to infected victims. The malware family is distributed to its victims as Android apps directly from Google's official Play Store.
Most of these applications are blatant clones of more popular apps and games, and some of them don't even exhibit the functionality with which they were advertised. The apps range from image editing software to live wallpaper apps, and from simplistic games to instant messaging services.
Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images. The rogue apps were discovered by researchers from Russian antivirus vendor Doctor Web and were reported to Google last week.
Malicious Android apps were a common occurrence on Google Play until a few years ago when Google implemented more rigorous checks. This included an automated scanner called Bouncer that used emulation and behavior-based detection. Bypassing Bouncer detection is not impossible, but is hard enough to keep most malware creators away.
Thirteen more malicious apps were struck from Google's Play Store at the end of 2015 after having been discovered to be stricken with the Brain Test malware.
Named for an app discovered on the Play Store by Check Point, the Brain Test malware gains root privilege to Android devices and downloads application packages to the infected phone, allowing the adversary a free ride with the unlucky victim's device. Brain Test was discovered by cyber-security researchers at Check Point in September. They noticed that not only did the malware cling remora-like to Play Store apps but basically made the infected device its own once the malware was securely in place.
Within the past month, malware disguised as an Android game twice made its way into the Google Play store and each time had between 100,000 and 500,000 downloads – making for a potential total infection rate of one million users.
The threat is a working game called Brain Test and it was identified by researchers with Check Point. Currently it has only been observed pushing advertisements, but the malware is quite advanced – it uses tricks to bypass app vetting system Google Bouncer, it uses privilege escalation exploits to gain root access on the device, and it takes steps to maintain persistence so it cannot easily be deleted.
Security researcher Will Dormann of the US Computer Emergency Response Team (CERT) has reported this week that over 350 apps from the Google Play and Amazon App stores have been compromised due to a flaw that fails to validate certificates over a secure socket layer.
The bug, which opens up many popular mobile applications such as the eBay mobile shopper and the Microsoft Tech Companion to fairly rudimentary man-in-the-middle attacks, has been tracked and logged by the CERT team for only about a week now. But instead of waiting the standard 45 days to silently communicate the problem to the affected companies in order to give them a chance to get out in front of the issue with appropriate patches.