How State Spies Are Using Google’s Play Store to Hack Victims

By Catherine Harris


Google is no stranger to criticism when it comes to the Play Store. Over the years the app marketplace has come under fire for a range of lapses in security, and this new discovery is no different.

A security research team from Russian firm Kaspersky has uncovered that state-sponsored hackers are using Google’s Play Store to target their victims and gain access to data on their devices.

The attack seems to be focused mainly on SE Asia for now, with attacks being carried out in Vietnam, Bangladesh, Indonesia, and India.
The experts at Kaspersky have dubbed this attack ‘PhantomLance’ and have noted that the methods through which the attack was carried out are partly why it seems to have been so successful.

For starters, the hackers only targeted a handful of victims (a hundred or so), likely in high-value positions. In addition, it’s thought that the hackers then used phishing emails to send links to the apps on the Google Play Store.

Using the Play Store in this way benefits the hackers because of the trust victims place in the marketplace. This makes them less apprehensive about downloading an app and hence more susceptible to the hack.

The Kaspersky team is connecting the PhantomLance attack to a group of hackers known as OceanLotus. This is a group that many believe to be working with the Vietnamese government to perform surveillance both domestically and internationally, and that has been linked to previous attacks on Vietnamese bloggers.

The malware being installed by the hackers is very specific in nature. It seems to only target and retrieve certain data sets such as GPS locations, call logs and SMS messages.

It appears this isn’t the first attack of its kind either. Kaspersky has reported finding evidence of many similar apps, with similar potential for attacks, that were removed from the Google Play Store, dating back as far as 2015 – all appearing to be Vietnamese in origin.

Should you be worried about this attack?

For the vast majority of people, there is absolutely no need to worry about this latest attack, as it seems to be purely targeting specific Android users.

However, it is important to be vigilant about what apps you are installing onto your device and make sure that you are only installing apps from the official Google Play Store. Also be careful about clicking links in an email asking you to install an app, unless you are 100% sure you trust the source.

If you are concerned about staying protected, install our Android security software – Certo Mobile Security. The app can scan your device for spyware and other security threats, allowing you to safely and completely remove any threats from your Android phone or tablet.