Google has removed 77 malicious Android apps from the Play Store after they were found to be spreading malware, including the notorious Joker spyware and the Anatsa banking trojan.
The apps had collectively been downloaded more than 19 million times before takedown.
The discovery was made by researchers at Zscaler’s ThreatLabs, who reported that the malicious apps posed as tools, file managers, personalization apps, and other utilities. Once installed, many of them secretly delivered harmful payloads designed to steal user data, intercept SMS messages, make unauthorized calls, or subscribe victims to premium services.
Security experts noted that Joker accounted for nearly a quarter of the malicious apps, while a variant called Harly also appeared in the campaign. Meanwhile, the Anatsa banking trojan—now targeting over 830 financial and cryptocurrency apps worldwide—was embedded in some apps, enabling attackers to capture banking credentials, display phishing pages, and log keystrokes.
Google has since removed the apps from the Play Store, but users who installed them remain at risk. Experts recommend enabling Google Play Protect, reviewing app permissions, and uninstalling suspicious apps immediately. For added safety, users should download apps only from trusted developers and consider using a reputable mobile security solution.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
