Massive influx of malicious apps on Google Play Store alarms users

In early March 2025, security researchers from Bitdefender discovered a significant malicious campaign targeting Android users through the Google Play Store. This campaign, dubbed 'Vapor' by Integral Ad Science (IAS), involved at least 331 malicious apps that collectively garnered over 60 million downloads. The malicious apps were cleverly designed to mimic useful functionalities, including QR scanners, health tracking, and document converters, thus enticing users to install them without suspicion. Notably, these rogue applications could hijack user screens, making devices almost inoperative. The research highlighted that some apps were gathering sensitive user information such as credentials and credit card data through phishing attacks, raising serious concerns about user security. Google took corrective action, confirming the removal of identified malicious apps from the Play Store while emphasizing that users should not solely rely on automatic protections. Despite Google's efforts, 15 malicious applications remained available for download when the research concluded, underscoring the ongoing risks. Experts implored Android users to proactively remove flagged applications and monitor their app installations for any unusual behavior to enhance their safety and security online.