Google detects a group of hackers that upload fake apps in the Play Store

It is relatively frequent that discover fake or dangerous applications in the Play Store. Google usually discovers threats, or they are informed by security researchers about the presence of one. Now a series of fake applications have been discovered again that were uploaded in the store, over the years. The interesting thing in this case is that it is the same group of hackers that is responsible for these applications.

It has been Naked Security who has reported on this matter. Over the years, the Russian hacker group Sandworm has been uploading fake apps in the Google Play Store. Many of them have reached user phones, as in many cases. How have they acted all this time?

Fake apps in the Play Store

How to download apps from Google Play without using Google Play

Google discovered the first attack detected originally from Sandworm took place in December 2017 in South Korea. The group used several accounts to Upload eight different applications to the Play Store. It was not a successful action, because there were hardly any downloads (about 10 per application). It is speculated that they were aimed at very specific targets.

Although this attack was not really the first of the group, since a couple of months earlier, in September 2017, it was detected that Sandworm hackers uploaded a fake version of the URK.net application (for email) in the store, which had about 1,000 downloads. Last year they changed strategy, creating backdoors in real applications in Ukraine. This attack was detected in time, before anyone downloaded any of these applications.

So far nothing out of the ordinary, for a group of hackers. The most curious thing about Sandworm is that this group seems to have some connection with the Russian government, which gives another dimension to their actions. It is speculated in fact that this group is the person responsible for the NotPetya attack that took place during the 2018 Winter Olympics. These are some of the attacks of the group that Google has been able to detect, but it is not ruled out that there are more actions on its part.

Sandworm is a relatively veteran group, active since 2014, according to security researchers. This group has not only dedicated to uploading fake applications in the Google Play Store. For a while now they have been detected disinformation campaigns carried out by them in several countries in Africa, such as Madagascar, Sudan, South Africa or the Central African Republic.

You can't rule out that they keep working on Upload fake apps in the Play Store. Google has managed to stop its attacks or attempts quite quickly so far, but it is clear that this group of hackers has the resources to put the security of users on Android in check.