Google has become pretty swift at finding and removing fake and malicious apps from its Google Play store, but there is one part of it where malware peddlers still seem to thrive: the “bookstore.”
According to Ryan Whitwam, there are a number of publisher accounts in Google Play that have specialized in offering fake “guides” that will supposedly show users how to download a cracked and cheaper version of popular games for Android.
Most of these guides are sold for a very small price – a dollar or two – and when the offered cracked game is initially free but with in-app purchases, the publishers offer a cracked version without them.
To see what’s going on with these “books,” Whitwam has bought one and found it contains download links and installation instructions (click on the screenshot to enlarge it):
“The links are all connected to a site called Androider, which hides all the supposed downloads behind a wall of ad redirects and pages that download suspicious EXE files on your computer and unrelated malware APKs on your phone. There are also some really gross phishing scams in there,” he says.
The publisher he names – Monster Guides Editor Pro, Johnny Bravo, Leon Master – are just the most prolific ones, and there are likely many more of them. Whether these different accounts are run by the same person or a few of them is impossible to tell.
Whitwam urged Google to take a note and shut down these and similar accounts.
“[You] can’t let scammers run roughshod over the Play Store. Authors and developers rely on the Play Store to make a living, and letting this stuff exist undermines confidence in the ecosystem,” he noted.