A security firm called Zscaler recently discovered a spyware called System Update app from the Google Play Store, which Google immediately removed upon learning of the fake app. The app was downloaded millions of times by Android users.

The “System Update” app, which was launched in 2014, is a fake app that collects private date from the user. This includes the device’s location and certain incoming SMS messages. The data is then sent to the app’s developer. According to Zscaler, if a user tried to open the fake app after being downloaded, the app would prompt a message, “Unfortunately, Update Service has stopped.” However, there is evidence that the app would continue to run in the background.

The security firm informed Google of its discovery; the search engine giant has since removed the app from the Google Play Store. However, the listing’s page showed that the fake app was apparently downloaded between one million and five million times from the Store. The app was an obvious fake as it didn’t have a proper description, no screenshots, and the reviews it received were mostly negative, indicating that the app didn’t work.

Another fake application

Reports are indicating that a particular “Torch app” can imitate banking apps to steal bank details of its users and send the same to hackers.

The app is called “Flashlight LED Widget,” which seems harmless enough, but in fact a malicious Trojan.

When the user launches the app for the first time, it takes a photo of the device’s owner and identifies their location.

When the user opens their banking app, the Trojan creates a fake version of the banking app and is able to collect the user’s credit card or banking details and sends it to hackers. The app was downloaded around five thousand times before Google was able to remove it from the Play Store.

Fake reviews and comments

Meanwhile, fake reviews of certain apps have been reportedly growing for the past years. Apps getting fake reviews are not a new behavior. However, it’s becoming more widespread at an alarming rate, and Google has to respond accordingly. Fake reviews are being given to a variety of apps such as Chrome, Gmail, and Facebook Messenger, indicating that the apps were “fun games.” Fake reviewers provide bogus reviews not to give merits to popular apps such as Chrome and Gmail. Their goal is to leave positive reviews to certain paid apps using the same accounts. These paid apps are often mediocre or even harmful to a user’s device.