A new malware campaign distributed through several hundred applications that were available in Google Play Store has been discovered by the threat laboratory Ias. Call Steaminitially involved 180 applications that Bitdefender subsequently raised to 331 that either worked like adware or tried to steal credentials and user credit card information.
The 331 malicious applications They have already been eliminated from the Google storebut there is a risk that steam reappears through others, since Cybercriminals have demonstrated their ability to avoid Google’s review process.
These apps were presented as tools for monitoring health and physical state, notes and newspapers, battery optimizers and QR code scanners, among others. They managed to overcome Google security reviews because They include the announced functionality and do not contain malicious components at the time of presentation. However, Malicious functionality is subsequently downloaded through updates sent from a control and control server.
‘Applications show out -context ads and even try to persuade victims so that Deliver credentials and credit card information through phishing attacks‘, Bitdefender warns. The greatest number of infections has been reported in Brazil, United States, Mexico, Türkiye and South Korea.
The most downloaded steam apps
The complete list with steam applications can be consulted here. Those that highlight Bitdefender and IAS in their reports are:
- Aquatracker – 1 million downloads.
- Click Downloader – 1 million downloads.
- Scan Hawk – 1 million downloads.
- Water Time Tracker – 1 million downloads.
- Be more – 1 million downloads.
- Beatwatch – 500,000 downloads.
- Translatecan – 100,000 downloads.
- HANDSET LOCATOR – 50,000 downloads.
Applications got on Google Play using several developer accounts, each behind only a few to reduce the risk in case of being eliminated. In addition, each editor uses a different ads sdk. Most steam applications were published on Google Play between October 2024 and January 2025, although some continued to climb until March.
How to cheat android steam applications
Vapor applications They disable your Activity launcherthe main activity of an application that opens when touching the icon and is defined in the Androidmanifest.xml file, after installation, What makes them invisible. In some cases, they change their name in the configuration to look like legitimate applications. For example, by Google Voice.
Then, they run without user interaction and use native code for enable a hidden secondary component while keeping the pitcher deactivated so that their icon remains invisible.
Bitdefender points out that this method eludes Android 13 and later security protections that prevent applications from disabling their own pitcher once active.
The malware also avoids the restrictions of permits system_alert_window in Android 13 and later and creates a ‘secondary screen’ that overlaps that of the user on full screen. The ads are displayed on this screen, superimposed on all other applications, leaving the user without leaving option, since the back button is disabled.
According to IAS, whose report includes only part of malicious apps, with this method they have managed to generate More than 200 million fraudulent advertising requests.
https://www.youtube.com/watch?v=5rs0dxe3vde
Theft of credentials
Some applications go beyond advertising fraud, showing fake login screens Facebook and YouTube To steal credentials or requesting credit card information under various pretexts.
BitDefender recommends android users to avoid the installation of unnecessary applications of non -reliable editors, carefully check the permissions granted and compare the application drawer with the list of applications installed from Configuration> Applications> See all applications.
If you discover that you have any of these applications installed, Eliminate it immediately and performs a complete analysis of the system with Google Play Protect or other mobile antivirus solutions.