We all know that Google has had something of a blotted copy book when it comes to keeping its official Android app store, Google Play, free of malicious apps – but who would have imagined that scammers and online criminals would also exploit digital books to spread their attacks?
As Android Police reports, dozens of sellers are selling “guides” in the Google Play Books store offering cracked APKs for just a dollar or two.
But, if you make the mistake of buying at a bargain price, it’s possible that you won’t end up with a pirated Android game, but instead with a smartphone infected with malware.
Hacked APKs are a thing that exists, but how do you deliver them via a book? Each “book” is only a few pages long and contains download links and installation instructions.
Journalist Ryan Whitwam decided to find out precisely what was going on, and downloaded a guide for the game Limbo.
The electronic book was hardly the meatiest tome, including links to a site called Androider – heavily monetised by advertising redirects, and “pages that download suspicious EXE files on your computer and unrelated APKs on your phone.”
In addition, according to Whitwam, there are some “really gross” phishing scams in there too.
What’s clear is that once again Google has failed to properly police and vet content that appears in its Play Store. The only difference this time is that it’s not malware in the Android app store, but links pointing to malware amongst its popular gaming guidebooks.
Learn more in this report from Android Police, and keep your wits about you.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
One comment on “Now Google Play *Books* are helping Android malware and phishing scams to spread”
Here's an article suggestion: Is there a way to know for sure that a no-name Android tablet you buy from a major retailer isn't pre-loaded with a trojan that sends everything you type in back to the manufacturer?