This week, Symantec Threat Intelligence's May Ying Tee and Martin Zhang revealed that they had reported a group of 25 malicious Android applications available through the Google Play Store to Google. In total, the applications—which all share a similar code structure used to evade detection during security screening—had been downloaded more than 2.1 million times from the store.
The apps, which would conceal themselves on the home screen some time after installation and begin displaying on-screen advertisements even when the applications were closed, have been pulled from the store. But other applications using the same method to evade Google's security screening of applications may remain.
Published under 22 different developer accounts, all of the apps had all been uploaded within the last five months. The similarity in coding across the apps, however, suggests that the developers "may be part of the same organizational group, or at the very least are using the same source code base," May and Zhang wrote.