Sophos gives an example of an application called Flash On Calls&Messages (free.calls.messages). When started, it displays a message indicating that "this application is not compatible with your device!" and then opens the app store to the Google Maps page to trick users into thinking that Google Maps is the problem. After that, it hides its icon so that it cannot be seen in the initiator.
Worse still, these applications further try to avoid deleting Android by using other names and icons in their Android settings. Nine of the 15 programs adopt this strategy to avoid detection. Camouflaged applications will use names such as updates, backups, time zone services and even Google Play stores to mimic harmless programs and even basic functions.
Lead researcher Andrew Brandt (Andrew Brandt) outlined how to find and remove annoying malware: "if you suspect that a recently installed application hides its icon, click Settings, and then click Application and Notification." The recently opened application is displayed in the list at the top of this page. If any of these applications uses a generic Android icon and has a common name, such as backup, Update, time Zone Service), click on the generic icon, then click Force stop, and then click uninstall. A real system application will have a button called disable instead of uninstall, and you don't have to bother to disable it. "
Fifteen malicious applications found have been deleted from Google Play. However, Play market statistics show that they have been downloaded and installed on more than 1.3 million devices around the world.