The antivirus company Kaspersky Lab said that over the past two months its experts have found 85 malicious applications on Google Play that steal users' login data for the social network VKontakte. The most popular of these has been installed over a million times, and another seven have between 10,000 and 100,000 installations each.
Kaspersky Lab has notified the VKontakte and Google administrations of the threat. At the moment, all detected applications containing malicious code have been removed from Google Play.
Most of the applications were disguised as various add-ons for VKontakte, for example for downloading music or tracking page visitors, so users were not suspicious when the programs asked for their login data for the social network. However, the app with over a million downloads was a mobile game. Moreover, it initially did not contain malicious code; the code was added in one of its updates in October 2017.
The attackers also took into account the peculiarities of the VKontakte audience. This social network is popular primarily in the post-Soviet countries, so the application stole data only on devices using certain languages: Russian, Belarusian, Ukrainian, Kazakh, Armenian, Azerbaijani, Kyrgyz, Romanian, Tajik and Uzbek.
Analysts believe the criminals used the stolen data primarily to promote VKontakte groups. Some of the attacked users complained that they had been subscribed to certain pages without their knowledge.