77 Malicious Android apps on Google Play
Malware Activity
Summary
A malicious Android app campaign on Google Play expanded to 239 malicious applications with 42 million downloads, up from the earlier 77-app wave and 19 million installs. Zscaler ties the broader activity to mobile malware that increasingly uses phishing, smishing, SIM-swapping, and payment scams to steal financial information and login credentials. The activity includes Anatsa, Android Void (Vo1d), and Xnotice, with the report also noting heavy impact across India, the United States, and Canada.
Related Happenings
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
Google Android developer verification rollout for sideloaded apps
Security Tool/Service
First: 31.03.2026 21:28
Last: 31.03.2026 21:28
Sources 1
About this happening:
Google is rolling out **Android developer verification** for apps distributed outside **Google Play**, tightening sideloading controls to make anonymous abuse harder. The first en...
IPTV app lure campaign distributing Massiv Android banking malware
Campaign
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
A **recent IPTV app lure campaign** is distributing **Massiv Android banking malware**, putting users who seek **free or low-cost live sports broadcasts** at risk of device compro...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Timeline
- 25.08.2025 19:37 · 2 articles · 9mo ago
Zscaler finds 77 malicious Android apps on Google Play
Initial Disclosure: Zscaler ThreatLabz identified 77 malicious Android apps on Google Play that had been downloaded more than 19 million times and were delivering Anatsa (Tea Bot), Joker, Harly, adware, and maskware to Google Play users. The latest Anatsa activity expanded targeting to 831 banking and cryptocurrency apps, and Google removed the apps after the findings were reported.
Sources:
- Malicious Android apps with 19M installs removed from Google Play — www.bleepingcomputer.com — 25.08.2025 19:37
- Malicious Android apps on Google Play downloaded 42 million times — www.bleepingcomputer.com — 04.11.2025 22:26