Google Confirms Play Store App Deletion—Act Now

Posted by Zak Doffman, Contributor | 7 hours ago


Republished on August 25 with a new threat warning and Google suddenly confirming a crackdown on Android apps from any source, a potential game-changer.

Google has deleted millions of apps from Play Store as Android changes beyond recognition. There’s a clampdown on apps from outside the official store, and trivial apps on Play Store itself are being rooted out. Now Google has confirmed more apps have been deleted, after a hidden threat was found attacking Android phones.

The latest warning comes from Zscaler. It’s Anatsa malware again, “attacking Android devices and targeting financial applications.” Also known as TeaBot, this nasty threat “steals credentials, monitors keystrokes, and facilitates fraudulent transactions.”

Zscaler’s ThreatLabz team says “the latest variant of Anatsa targets over 831 financial institutions worldwide,” and it has “identified and reported 77 malicious apps from various malware families to Google, collectively accounting for over 19 million installs.”


Google tells me all apps identified by Zscaler have been deleted from Play Store, and “protection against these malware versions was already in place through Google Play Protect prior to this report. Based on our current detection, no apps containing these versions of this malware are found on Google Play.”

As long as Google Play Protect is enabled, which should be on by default, “Android users are automatically protected against known versions of this malware.” You also need to delete any of the trivial apps on your device that are no longer available on Play Store. As far as Anatsa is concerned, pay particular attention to document readers.

Zscaler explains that “Anatsa uses a dropper technique, where the threat actors use a decoy application in the official Google Play Store that appears benign upon installation. Once installed, Anatsa silently downloads a malicious payload disguised as an update from its command-and-control (C2) server. This approach allows Anatsa to bypass Google Play Store detection mechanisms and successfully infect devices.”

When you install the dropper, the malware runs a set of checks to help it evade analyst machines or security software. It does its best to ensure it has a clear run on a device before loading the malicious payload itself.

Anatsa displays fake login pages for the banking apps of the hundreds of banks it targets. “These pages are tailored based on the financial institution applications detected on the user’s device.” Those credentials are then stolen, enabling remote attacks.

Anatsa is just one of the malware threats identified by Zscaler and reported to Google. All apps reported have been deleted, but that doesn’t mean they’re no longer on your phone, which is why you must act now to check.

One easy way is to start with permissions, especially accessibility services, to identify likely threats. “Android users should always verify the permissions that applications request, and ensure that they align with the intended functionality of the application.”
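One way to run that accessibility check from a computer over adb, as an added example that is not part of the original article. The sample outputs are constructed, and the allowlist and the package `com.example.docreader` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of what
#   adb shell settings get secure enabled_accessibility_services
# prints: colon-separated "package/ServiceClass" entries ("null" or empty if none).
SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.docreader/.SyncService'

# Constructed sample of `adb shell pm list packages -i` lines.
SAMPLE_INSTALLERS='package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.docreader  installer=null'

# Assumption: packages the owner knowingly uses as accessibility tools.
ALLOWED='com.google.android.marvin.talkback'

# Print the unique package names that own an enabled accessibility service.
a11y_packages() {
    case "$1" in ''|null) return 0 ;; esac
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | sed 's|/.*||' | sed '/^$/d' | sort -u
}

# Print "package installer" for every enabled-service owner that is not on
# the allowlist. $1=enabled value  $2=space-separated allowlist  $3=pm output
unexpected_a11y() {
    for pkg in $(a11y_packages "$1"); do
        case " $2 " in *" $pkg "*) continue ;; esac
        src=$(printf '%s\n' "$3" | tr -d '\r' |
              awk -v p="package:$pkg" '$1 == p { sub(/^installer=/, "", $2); print $2 }')
        printf '%s %s\n' "$pkg" "${src:-unknown}"
    done
}

# Offline run on the constructed samples. On a real device, pass
# "$(adb shell settings get secure enabled_accessibility_services)" and
# "$(adb shell pm list packages -i)" instead of the samples.
unexpected_a11y "$SAMPLE_ENABLED" "$ALLOWED" "$SAMPLE_INSTALLERS"
```

Each line of output is an app that can read and drive the screen without being on the allowlist; a document reader in that list, or an installer other than `com.android.vending`, is a reason to review the app and remove it if its function does not need the service.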

It’s exactly this form of permission abuse that’s behind the latest attacks flagged by the team at Zimperium, “a new variant of the Hook Android banking trojan, now featuring some of the most advanced capabilities we’ve seen to date.”

Zimperium warns that “as with prior versions, Hook abuses Android Accessibility Services to automate fraud and control devices remotely. The difference: its growing command set and overlay techniques give attackers even more flexibility in stealing data, hijacking sessions, and bypassing defenses.”

Meanwhile, Google’s clampdown has suddenly taken a surprising new twist. Google announced Monday that “Android’s new developer verification is an extra layer of security that deters bad actors and makes it harder for them to spread harm. Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices.”


That means sideloading should become much less risky, a far cry from the current free-for-all, notwithstanding that Play Protect has already been expanded to cover apps from any source. If your device is running Google’s full Play suite, then apps from uncertified developers won’t install, cutting off a major malware risk.

Put more simply, Android just became more like iPhone.


