Google has recently warned Android Chrome users that an app called “Magic Browser” that has been downloaded thousands of times has been removed from the Google Play Store as it was discovered to infect smartphones and leave users with a huge cell phone bill on their hands. The app which was cleverly built to resemble Google’s popular browser has first made its Google Play entrance on the 15th of May. By the time the malware app was removed it managed to get downloaded more than fifty thousand times.

First discovered by Kaspersky Lab, the app was sending exorbitant rate text messages to different parties while also deleting the confirmation messages: “It not only uses around a dozen methods to send SMS, but also initialises these methods in an unusual way: by processing web-page loading errors using a command from the CnC; and it can open advertising urls”

The security firm reported the app alongside another freshly discovered malware app “Noise Detector” to the search engine company who took them down in a matter of hours after it was prompted.

Reportedly both apps belong to a group called Ztorg, notorious for creating such apps with the capability to exploit well-known Android vulnerabilities while also gaining root access of the infected devices, meaning that are also hard to get rid of.

Even though the apps described above did not have the capabilities to root their hosts yet, according to Kaspersky Lab, the feature was in the works back at Ztorg :”So I think that the authors are still testing this malware, because they use some techniques which can break the infected devices. “But they already have a lot of infected users on whom to test their methods. I hope that by uncovering this malware at such an early stage, we will be able to prevent a massive and dangerous attack when the attackers are ready to actively use their methods.”

This is obviously not the first time Google has taken such measures when it comes to infected Google Play Store apps. Another example of such app being “colourblock” which also attempted to root a device without any user permissions.

In conclusion we are glad that Google does not take long to exclude potential threats to its Play Store users, deleting the listings in minutes after the initial report in some cases. On the other hand we would love to see better inclusion criteria and more deep testing when it comes to new apps that aim to get in.