There are many instances of Android malware in the history. Malware from Play Store is not a new thing. Google Play Store scans applications and finds malware on regular basis. With the help of new feature Google Play Protect Google successfully removed a malware before causing any solid damage.
With extensive analysis of malware, it is revealed that apps successfully managed to bypass Google filters and became available for download. The malware relies on a two stage infection process.
“The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a ‘Backup’ or ‘Cleaner’ app”
“Upon installation, Lipizzan would download and load a second ‘license verification’ stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.”
Once infected, the spyware can record calls and sound, track location, click images with the camera, can take screenshots, fetch user information such as messages and app data. The malware could target applications like Telegram, Whatsapp, Gmail, Skype.
According to the report by Google, less than 100 devices got infected with the malware which accounts for less than 1% of Android devices. With Google Play Protect, the malware is successfully removed and the installation on other devices is blocked simultaneously.