Google's Play Protect is alerting affected users, but manual uninstallation is crucial

Google has removed 77 malicious apps from the Google Play Store following a comprehensive security investigation triggered by reports from cybersecurity researchers. These apps had been downloaded more than 19 million times, putting millions of Android users at risk from sophisticated malware attacks.
Malware threats uncovered
Among the malicious apps identified was the highly dangerous Anatsa banking Trojan (also called TeaBot). This malware specifically targets banking and cryptocurrency credentials across over 800 financial institutions worldwide. Anatsa uses stealth techniques like obfuscation and encrypted code to evade detection, allowing it to steal sensitive information and enable fraudulent transactions.
In addition to Anatsa, many of the removed apps contained variants of the Joker malware family. Joker malware stealthily steals SMS messages, contacts, and device information, and enrols users in unwanted premium services that may result in financial loss. Other malicious payloads included maskware, which disguises dangerous behaviour under seemingly legitimate app functions.
How the malware apps operated
The malicious apps infiltrated the Play Store by initially presenting themselves as benign and useful tools such as document readers, photo editors, keyboards, and health tracker applications. After installation, they acted as “droppers,” connecting to remote servers to download harmful secondary payloads in the background, often bypassing app review processes.
Google’s response and user safety measures
Google’s Play Protect security feature alerts users who have installed these apps, prompting them to uninstall the dangerous software. However, Google warns users that apps removed from the store will remain on devices until manually deleted, potentially continuing to pose risks.
To curb the spread of harmful software, Google has ramped up its Play Store enforcement, removing nearly 4 million apps and over 155,000 developer accounts for policy violations in 2024 alone. New developer verification requirements cover sideloaded apps as well, improving overall ecosystem security.
Expert advice for users
Security experts advise Android users to remain vigilant by verifying app sources, carefully reviewing permissions, reading user feedback, and sticking to apps from verified, reputable developers. Regular updates and maintaining active Play Protect functionality are also critical to minimising exposure to malicious apps.
Larger context
This crackdown is part of Google’s broader effort to combat the rising sophistication of mobile cyber threats and protect users in a rapidly evolving landscape. Although Google’s removal of these apps is a significant step, the shared responsibility for digital safety includes cautious behaviour by end users.
Published: 01 Sept 2025, 10:44 am IST
Related Topics
Get Latest Mathrubhumi Updates in English
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.

