Google Play Store, the official store for Android apps was found to have distributed over 200 malicious apps with collective downloads surpassing 8 million.

The most common threats distributed via these apps were found to be info-stealers, capable of capturing SMS and subscribing users to random services, adware, loan installers, and banking trojans.

Most of the apps containing the malware were published under tools, personalisation, photography, productivity and lifestyle categories.

The malicious apps were distributed over a period of one year between June 2023 and April 2024 and were identified by threat intelligence researchers at Zscaler.

While malicious apps are distributed across the globe, over the past year India and U.S. have emerged as the most targeted countries by mobile malware, Zscaler’s mobile threats said.

The report further shows a significant increase in spyware infections, with the education sector being the most targeted.

And though Google has a system in place to keep malicious apps out of its app store, threat actors constantly try new tricks to bypass the verification process.

Earlier last year, Google shared that threat actors were using a new method, dubbed “versioning” to deliver malware through application updates. The method involves the use of threat actor-controlled servers to push out malware to users via updates to the app.