Malware in Google Play Books Store

Send to Kindle

I’ve previously written posts to inform consumers Why You Should NEVER Get Your Apps From Google Play, and have also warned my readers about Counterfeit Kindle Books, but there’s a new threat in town: malware and phishing scams contained in ebooks sold in the Google Play Books store.



How Is This Possible?
PDF and epub3 are popular formats for ebooks, and both allow the creator of the ebook to include “active” content: videos, embedded widgets like an interactive map or slide show, links to websites and so on.

These types of features can be used to realize the full potential of ebook technology but unfortunately, they can also be used to distribute malware and execute phishing schemes in the same way those things are done in apps, computer programs, email messages, and online because they turn a non-interactive file containing only text and images into something more like an actual computer program.

It’s not for nothing that the two instructional guides pictured above and below this section are intended for developers, not book authors or publishers. These technologies can be used like other programming languages.



Ebooks Are An Easy Target For Hackers
Consumers have adopted ebook technology to a point where many actually prefer buying ebook editions, and few realize an ebook can be used as a carrier for malware. It would never occur to most ebook fans that very bad things can lurk between the virtual covers, which means most would never bother to scan an ebook file for viruses or other malware.

Now add an ebook vendor that’s not taking precautions to keep malware out of their store, and you’ve got a recipe for the quick spread of malware.


Yet Another Reason To Avoid the Google Play Store
As Nate Hoffelder reports on Digital Reader:

Google doesn’t police its ebookstore nearly as well as Amazon, Kobo, or Apple maintain their respective stores, and hackers are making the most of the opportunity. Those hackers are taking advantage of GPB’s close proximity to the app section of Google Play to sell ebooks which contain links to what would appear to be [pirated] games.

…hackers are turning Google’s indifference to their advantage. Rather than sell an ebook which contains a link to a pirated game, some hackers are linking to malware which will infect your PC or mobile device.

Android Police adds:

It seems like for all its efforts in cleaning up the Play Store, Google has a blind spot when it comes to books. There are multiple publisher accounts in Google Play Books that claim to offer cracked APKs for a dollar or two, and people are buying them. Instead of getting a cheap game, all people are getting is disappointment and malware.

After becoming aware of this problem, we spotted almost a dozen sellers of these phony “guides,” but that’s probably just scratching the surface…Each “book” is only a few pages long and contains download links and installation instructions…



Don’t Assume That Avoiding These App “Guides” Will Keep You Safe
As I said in the beginning, ANY PDF or epub3 book can be used to transport hidden malware, and if Google isn’t watching out for this kind of thing and actively policing its Books store, the potential threat is there for ANY PDF or epub3 book you get in the Google Play store.

On Quora, Nick Ciske, Expert WordPress/PHP Developer (16+ years web development experience) answers the question, “Can ePUBs or PDFs contain viruses?“:

PDFs, yes. A quick Google search yields this among other resources.
Can a PDF document contain a virus?

An ePub is a ZIP file of HTML, CSS, and JavaScript… so it could certainly contain a virus, malware, or code that attempts to force the install of either.

A more detailed an nuanced answer, again from a quick Google search:
EPUB javascript security


My advice: stick to Kindle books purchased or downloaded for free from Amazon. Amazon has yet to have a single incident of malware being hidden in ANY digital content they sell, in all its long history of selling digital content. I wouldn’t trust Google Play as far as I could throw one of their massive servers, but I trust Amazon, if for no other reasons than their spotless record and the fact that they understand maintaining consumer trust is key to their ongoing success.


* * *

If you’re in the market for an Echo, Amazon’s $50 Off offer for purchase of an Echo is worth a closer look. Under this offer, if you use an Amazon Store Card or Amazon Prime Card to buy an Echo, you will receive a $50 discount off the purchase price. Better still, if you don’t yet have either of those credit cards and open a new account to take advantage of this offer, you’ll get an additional $10 gift card at the time your account is opened. Use it toward the Echo purchase and you’ll save a total of $60.

Advertisements make it possible for Digital Media Mom to bring you great content for free, so thanks for your support.


* * *

Fire Tip of the Week: Featured Free App is Fluffy Shuffle Match-3 Game

* * *


Print Friendly