"Whenever an application is to be downloaded, it is ideal to download it from Google Play or other official repositories such as the App Store. The risk of getting infected by downloading a malicious app is much higher if it is done outside these repositories. However, this does not mean that what is downloaded from official stores is 100% reliable. Several malicious applications manage to get past the security barriers and are available on Google Play until they are reported and removed", said Camilo Gutiérrez Amaya, head of the ESET Latin America Research Lab.

One of the ways in which malware manages to evade Google's controls and barriers is through app updates. This technique is known as "dynamic code loading" or DCL, and is based on the fact that a malicious developer manages to publish a legitimate version on the Google Play Store, but then changes the code and makes it malicious through an update. This subsequent update is made from external servers, but users end up believing that it is a legitimate update from the store, as the cybercriminals simulate the pop-ups from where the download was made.

The ESET team discovered, for example, a Trojanized Android app that had been available in the Google Play store with more than 50,000 installs. The app called iRecorder - Screen Recorder was loaded without malware in september 2021. However, the malicious functionality was implemented later, in a new version that became available in august 2022.

Some points to be considered in order to detect a malicious or fake application on Google Play are:

Position in the ranking and reviews: A first indication may be that the application does not appear at the top of the rankings of the most downloaded. Another alarm could be negative ratings or, on the contrary, if it has too many reviews, when in fact it did not have many downloads.

Appearance: Malicious applications try to imitate the real ones, using similar but not identical logos. It is also advisable to pay attention to the description of the application and check for grammar problems or incomplete data.

There are many examples, such as: banking and loan applications, applications for reading PDFs, screen recording applications, wallpaper applications and even those that take advantage of the cryptocurrency boom, which seek to find unsuspecting victims.

ESET shares some best practices to minimize the risk of getting infected by downloading an application from Google Play:

• Use a security solution for mobile devices that can be trusted to block and remove threats.
• Only trust apps whose link is on the service's official site.
• Keep the device's software up to date.
• Verify the permissions requested by the applications when installing them: if they ask for unnecessary permissions, it may indicate a suspicious intention.
• Check the comments, ratings, number of downloads and who is the developer of the app you want to download from Google Play.

Translated by: A.M