Malicious apps hosted in Google store turn Android phones into zombies

Google has been caught hosting more than a dozen malicious titles in its official Android app market. Some had been downloaded tens of thousands of times and turn smartphones into zombies that await commands from their attacker overlords, security researchers said.

A stash of 17 malicious apps remained freely available in the Google Play store, according to a blog post published Thursday by researchers from antivirus provider Trend Micro. Six of those titles contained a highly stealthy code dubbed Plankton, which causes Android-based phones to connect to command and control servers and wait for commands. At least 10 Plankton-based apps found last year in the Android market collected users’ browsing history, bookmarks, and device information and sent them to servers under the control of the attackers.