Google Play Books is Rife With Malware, Phishing Scams

I've long been concerned that Epub3 ebooks would lead to a rise in hacked mobile devices, but apparently Google has decided that there's no need to wait for Epub3 to start the malware attacks. Android Police reports that Google Play Books is suffering from an epidemic of trojan ebooks.

While the Kindle Store and other ebookstores have problems with badly formatted ebooks, Google Play Books puts its customers at risk of having their computers and mobile devices hacked (hence the term trojan ebook, as in trojan horse).


Google doesn't police its ebookstore nearly as well as Amazon, Kobo, or Apple maintain their respective stores, and hackers are making the most of the opportunity. Those hackers are taking advantage of GPB's close proximity to the app section of Google Play to sell ebooks which contain links to what would appear to be cracked games.

These are games which were pirated and then cracked so that users could play for free. Google is vigilant in removing said pirated games from the app section of Google Play, but it has turned a blind eye to similar activity in the ebook section.

And hackers are turning Google's indifference to their advantage. Rather than sell an ebook which contains a link to a pirated game, some hackers are linking to malware which will infect your PC or mobile device:

To figure out what's going on, I tested with a supposed copy of Limbo. The links are all connected to a site called Androider, which hides all the supposed downloads behind a wall of ad redirects (yay, more money) and pages that download suspicious EXE files on your computer and unrelated malware APKs on your phone. There are also some really gross phishing scams in there.

There are dozens if not hundred of these trojan ebooks in Google Play Books, and there's no sign that Google is doing anything about them.

In comparison, a quick check of Kindle and Nook did not turn up any similar suspicious ebooks. (Apple is such a fussbudget that I don't see the need to check iBooks.)

While you could write off the malware victims as getting their just desserts, that doesn't change the fact that Google is also letting pirated games pass through Google Play Books.

That worsens the experience for all users:

Authors and developers rely on the Play Store to make a living, and letting this stuff exist undermines confidence in the ecosystem. Providing a portal for people to get scammed, even if they should know better, is not okay. In addition, these "books" show up in search results when you look for the real app.

He's right, you know.

image by

About Nate Hoffelder (11474 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

7 Comments on Google Play Books is Rife With Malware, Phishing Scams

  1. I went looking in Google Books for some books by some famous SF authors (which aren’t available anywhere else), and discovered that they are selling the pirated versions that have been floating around for 10 years or so.

    The covers are the plain Calibre generic covers…

  2. I use play books down loaded onto my Samsung S4 when reading on my IPad 6gbwifi the page freezes after a while. What is the solution

5 Trackbacks & Pingbacks

  1. Problems With Google Play Books | Moultrie Creek Gazette
  2. Daily Links: Google Play Books rife with Malware? | The eBook Evangelist
  3. Google Adds Pre-Publication App Review Process, Adopts ESRB Rating Standards ⋆ Ink, Bits, & Pixels
  4. Malware in Google Play Books Store
  5. Problems With Google Play Books – Moultrie Creek Gazette

Leave a comment

Your email address will not be published.