undefined | Better HN

0 pointsNewsaHackO3mo ago0 comments

A lot of what you said in the second portion isn't at all true (for instance, Google definitely doesn't just ask the author if what they are uploading is malware as a sole check if an app is malware). But I don't think we can even continue the discussion until you prove the "obvious" assertion that there are apps in the Play Store that are malware. So I am going to ask again: give a single name of an app currently in the Play Store that is malware. We are not talking about Apple, but I will extend it so that you can give an app in the Apple App Store that is malware as well.

Let me know when you can provide a single specific name.

0 comments

array_key_first2mo ago

I never said it was a sole check, I said it was a check. The reality is that app is not thoroughly tested and, even if it was, this would not catch all malware because, again, it's trivial to write malware that can pass a review period and flip on later.

First Google search https://www.malwarebytes.com/blog/news/2025/08/77-malicious-...

Here's 77 found by researchers and then removed. Relying on researchers to find malware isn't a very good bet.

If I were a betting man, I would say there are thousands of apps on the play store that you can classify as malware.

We will never know the true number because one of the primary goals of malware is to be as difficult to detect as possible. They're not going to declare they're malware, duh.

If you know of some algorithm to detect malware, I'd love to hear it. Evidently even trillion dollar companies cannot come up with one. To this day, the best way to detect malware is source code analysis and thorough behavior testing.

Google and Apple do neither. Those are just the facts. Do with that what you will, I don't care.

NewsaHackOOP2mo ago

That is actually hilarious, did you actually read the MO of those Apps?

>The core payload has been updated to incorporate a new keylogger variant of Anatsa. Additionally, the malware utilizes a well-known Android APK ZIP obfuscator for enhanced evasion. The DEX payload is concealed within a JSON file, which is dynamically dropped at runtime and promptly deleted after being loaded.

I wonder if there is anything that Google can do to prevent this specific attack. :)

array_key_first2mo ago

If you're wondering, I didn't read the link at all. The fact that malware exists on the play store is undisputed and I think everyone, except you, agrees with me. So I don't feel it requires much, if any, research on my part.

1 more reply

j / k navigate · click thread line to collapse

0 comments

array_key_first2mo ago

First Google search https://www.malwarebytes.com/blog/news/2025/08/77-malicious-...

Here's 77 found by researchers and then removed. Relying on researchers to find malware isn't a very good bet.

If I were a betting man, I would say there are thousands of apps on the play store that you can classify as malware.

We will never know the true number because one of the primary goals of malware is to be as difficult to detect as possible. They're not going to declare they're malware, duh.

Google and Apple do neither. Those are just the facts. Do with that what you will, I don't care.

NewsaHackOOP2mo ago

That is actually hilarious, did you actually read the MO of those Apps?

I wonder if there is anything that Google can do to prevent this specific attack. :)

array_key_first2mo ago

1 more reply

j / k navigate · click thread line to collapse