Google Play Store Alert: 200 Malicious Apps Downloaded 42 Million Times: Learn How to Avoid Them!

Cybersecurity experts have recently disclosed that over 200 apps on the Google Play Store have been downloaded a staggering 42 million times. Their report highlights the latest trends in malware and offers advice on protective measures.

To safeguard its users, Google has implemented various security protocols to combat malicious apps. The Mountain View-based company is even enhancing these measures with a new Android developer verification system soon – a move that has raised concerns among both users and developers.

Despite these efforts, some malicious apps manage to evade Google’s detection. Regularly, Google removes these from its official store, but sometimes the damage has already been done. According to cloud cybersecurity firm Zscaler, for the period 2024-2025, a total of 239 malicious Android apps on the Play Store amassed 42 million downloads.

Increasing Attacks on Mobile Devices: How to Protect Yourself

The study conducted by Zscaler and reported by BleepingComputer reveals several trends. Mobile devices are increasingly targeted, with a 67% increase in attacks compared to last year. The main threats include spyware and banking Trojans. Additionally, criminals are gradually shifting from traditional credit card fraud to exploiting mobile payments, employing various techniques such as phishing, smishing, and SIM-swapping (SIM card number theft), among others.

Experts have also noted that adwares have doubled in the past year, accounting for 69% of all detections. This significant rise makes it the most prevalent threat in the Android ecosystem. Spywares have also surged dramatically: a 220% increase over the year, primarily driven by extortion, surveillance, and identity theft.

There has been a frenetic rise in banking malware over the past three years, peaking at 4.89 million transactions in 2025. However, its growth rate has now slowed, falling from 29% last year to just 3%. As for connected devices, routers remain the favored targets. Cybercriminals exploit their command injection vulnerabilities to turn them into proxies for deploying malware or incorporating them into botnets.

To defend against these threats, several best practices are recommended, such as promptly installing security updates, disabling accessibility permissions, and scanning devices with Google Play Protect, which Google plans to enhance further.