A batch of seemingly harmless apps in the Google Play store that were actually malware in disguise and were used to steal people's bank account logins have been removed from Play, Google confirmed Tuesday. The researchers who discovered the bogus programs said they'd been downloaded by Android users around the world more than 300,000 times, according to an Ars Technica report on the 12 apps.
Mobile security researchers at ThreatFabric found malware designed to steal people's online banking passwords and two-factor authentication codes. They said the malware also logged keystrokes and even took screenshots through people's phones.
Though the tainted apps used a few different methods of deception, the researchers said many of the apps bypassed Google's new security restrictions by first offering people a seemingly legitimate app that initially tested negative for malware. The apps even functioned just as advertised when users first downloaded them.
Once the apps were installed, though, they prompted people to update them. That's when the malware was installed in the form of a Trojan horse, a type of malware characterized by its initially harmless appearance.