Google Play Books is Rife With Malware, Phishing Scams
I’ve long been concerned that Epub3 ebooks would lead to a rise in hacked mobile devices, but apparently Google has decided that there’s no need to wait for Epub3 to start the malware attacks. Android Police reports that Google Play Books is suffering from an epidemic of trojan ebooks.
While the Kindle Store and other ebookstores have problems with badly formatted ebooks, Google Play Books puts its customers at risk of having their computers and mobile devices hacked (hence the term trojan ebook, as in trojan horse).
Google doesn’t police its ebookstore nearly as well as Amazon, Kobo, or Apple police theirs, and hackers are making the most of the opportunity. Those hackers are taking advantage of GPB’s close proximity to the app section of Google Play to sell ebooks which contain links to what would appear to be cracked games.
These are games which were pirated and then cracked so that users could play for free. Google is vigilant in removing said pirated games from the app section of Google Play, but it has turned a blind eye to similar activity in the ebook section.
And hackers are turning Google’s indifference to their advantage. Rather than sell an ebook which contains a link to a pirated game, some hackers are linking to malware which will infect your PC or mobile device:
To figure out what’s going on, I tested with a supposed copy of Limbo. The links are all connected to a site called Androider, which hides all the supposed downloads behind a wall of ad redirects (yay, more money) and pages that download suspicious EXE files on your computer and unrelated malware APKs on your phone. There are also some really gross phishing scams in there.
There are dozens if not hundreds of these trojan ebooks in Google Play Books, and there’s no sign that Google is doing anything about them.
In comparison, a quick check of Kindle and Nook did not turn up any similar suspicious ebooks. (Apple is such a fussbudget that I don’t see the need to check iBooks.)
While you could write off the malware victims as getting their just deserts, that doesn’t change the fact that Google is also letting pirated games pass through Google Play Books.
That worsens the experience for all users:
Authors and developers rely on the Play Store to make a living, and letting this stuff exist undermines confidence in the ecosystem. Providing a portal for people to get scammed, even if they should know better, is not okay. In addition, these "books" show up in search results when you look for the real app.
He’s right, you know.
image by HikingArtist.com