A set of malicious Android apps loaded with adware and malicious code were spotted on Google Play Store. These malicious apps have been installed around 10 million times on various Android devices.

A set of malicious apps

Researchers from Dr. Web have discovered a handful of malicious apps posing as image-editing tools, virtual keyboards, system optimizers, and wallpaper changers on the Google Play Store.
  • These apps were pushing intrusive ads, subscribing users to premium services, and stealing social media accounts.
  • After installation, apps request permission for overlay windows and are added to the battery saver's exclusion list.
  • Apps icons remain hidden from the app drawer or get replaced with a core system component, such as SIM Toolkit.

One such adware app, named Neon Theme Keyboard, is still available on the Play Store. It has over a million downloads, even with a 1.8-star score and lots of negative reviews.

Other types of malicious apps

There are some other similar threats on the Google Play Store.
  • A set of apps were reported packaged with Joker malware, known for levying fraudulent charges on victims' mobile numbers by subscribing them to premium services.
  • Recently, two Facebook account stealers were seen spreading in image editing tools. These apps have been collectively downloaded by users over 1.5 million times.


Android malware keeps getting more sophisticated to circumvent the Play Store’s security and persist within the network for several months. Thus, always verify apps beforehand by checking user reviews and ratings, visiting the developer's website when not sure, and, most importantly, staying aware of requested permissions.
Cyware Publisher