90+ malicious Android apps with 5.5m installs found spreading malware on the Play Store — protect yourself now

A picture of a skull and bones on a smartphone depicting malware
(Image credit: Shutterstock)

Bad apps can wreak havoc on the best Android phones, which is why you always need to be careful when installing new ones. However, even when you download new software via the Google Play Store there’s still a chance that you could end up with a malicious app on your phone.

As reported by BleepingComputer, the cybersecurity firm Zscaler has revealed that it has discovered more than 90 malicious apps on Google Play which were collectively installed 5.5 million times.

While the firm hasn’t provided the names of most of these malicious apps, we do know that many of them impersonated productivity, personalization and health & fitness apps along with other utilities.

Here’s everything you need to know about this latest batch of bad apps including the names of two of them that you need to remove immediately if they’re installed on your Android devices.

Delete these apps right now

As I mentioned before, Zscaler has yet to release the full list of the 90+ malicious apps it discovered over the past few months. However, it did provide info on two particularly dangerous apps in a new report that you should delete immediately if you have them installed:

  • PDF Reader & File Manager by TSARKA Watchfaces
  • QR Reader & File Manager by risovanul

Fortunately, both of these apps have been removed from the Google Play Store and are no longer available for download. However, if you have them installed on your Android phone or tablet, you’re going to need to manually uninstall them.

Dropper apps hiding in plain sight

As we’ve seen in the past, bad apps can slip through the cracks and end up on the Google Play Store. Both of the apps listed above are what’s known as malware droppers and according to Zscaler, together they’ve been installed 70,000 times combined.

These dropper apps are able to bypass Google’s rigorous security checks as they don’t contain malware when uploaded to the Play Store. Instead, the apps communicate with a hacker-controlled command and control (C&C) server after installation to download malware.

In this case, both of these utility apps are being used to infect vulnerable Android phones with the Anatsa banking trojan. This Android malware targets over 650 banking apps in the US, the UK, Europe and Asia in order to steal their financial credentials. In fact, during a malware campaign late last year, Anatsa was able to infect 150,000 Android phones through Google Play using bad apps.

Just like with other banking trojans, Anatsa uses overlay attacks to steal your banking credentials. These overlays are actually fake websites designed to mimic the look and feel of the login pages of popular banking apps. However, instead of logging into your account, you’re also giving hackers your username and password.

Anatsa can also commit on-device fraud by launching banking apps on its own and performing transactions on behalf of victims. Not only does this save the hackers time but it also improves their chances of success since someone logging into their account on their own device doesn’t raise nearly as much suspicion as it would on a different Android phone.

How to stay safe from malicious apps

A hand holding a phone securely logging in

(Image credit: Google)

In order to stay safe from this and other Android malware strains, you’re going to want to limit the number of apps on your phone. Even seemingly innocent apps can be used to drop malware onto your device which is why you really want to ask yourself whether or not you need a particular app before downloading and installing it.

For this reason, you want to stick to bigger, more widely known app developers that have a history of putting out good software. Likewise, you’re much less likely to come across malware when going with paid apps as opposed to free ones. Before installing any app, you also want to check its rating and reviews but as these can be faked, it’s a good idea to look for video reviews online so that you can see the app in question in action before you download it.

To protect yourself and your devices from malware, you want to make sure that Google Play Protect is enabled on your phone as it can scan all of your existing apps and any new ones you download for malware. For additional protection and some useful extras like a VPN or even a password manager, you might also want to look into running one of the best Android antivirus apps alongside it.

In an email to Tom's Guide, a Google spokesperson provided further insight on these malicious apps, saying:

“All of the identified malicious apps have been removed from Google Play. Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”

Hopefully Zscaler releases the full list of the 90+ malicious apps it has discovered over the past few months. Even if it doesn’t though, this new Anatsa campaign serves as the perfect reminder that you always need to be careful when downloading and installing new software even when it’s from official app stores.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Green skull on smartphone screen.
This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
NYTimes Connections
NYT Connections today hints and answers — Sunday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far