Now Google Play *Books* are helping Android malware and phishing scams to spread

We all know that Google has had something of a blotted copy book when it comes to keeping its official Android app store, Google Play, free of malicious apps – but who would have imagined that scammers and online criminals would also exploit digital books to spread their attacks?

As Android Police reports, dozens of sellers are selling “guides” in the Google Play Books store offering cracked APKs for just a dollar or two.

But, if you make the mistake of buying at a bargain price, it’s possible that you won’t end up with a pirated Android game, but instead with a smartphone infected with malware.

Hacked APKs are a thing that exists, but how do you deliver them via a book? Each “book” is only a few pages long and contains download links and installation instructions.



Journalist Ryan Whitwam decided to find out precisely what was going on, and downloaded a guide for the game Limbo.


The electronic book was hardly the meatiest tome, including links to a site called Androider – heavily monetised by advertising redirects, and “pages that download suspicious EXE files on your computer and unrelated APKs on your phone.”

In addition, according to Whitwam, there are some “really gross” phishing scams in there too.

What’s clear is that once again Google has failed to properly police and vet content that appears in its Play Store. The only difference this time is that it’s not malware in the Android app store, but links pointing to malware amongst its popular gaming guidebooks.

Learn more in this report from Android Police, and keep your wits about you.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

One comment on “Now Google Play *Books* are helping Android malware and phishing scams to spread”

  1. J Corbett

    Here's an article suggestion: Is there a way to know for sure that a no-name Android tablet you buy from a major retailer isn't pre-loaded with a trojan that sends everything you type in back to the manufacturer?
