Month: February 2026

by Chris H

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries.
“This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,”
by Chris H

APT28 Targeted European Entities Using Webhook-Based Macro Malware

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.
The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of legitimate services
by Abinaya

Google Blocked 1.75 Million Malicious Apps from Entering into the Play Store

AI-powered security systems blocked over 1.75 million malicious or policy-violating apps from reaching the Play Store in 2025, strengthening Android security.

According to Google’s latest Android and Google Play security update, the company blocked over 1.75 million apps during the review process.

The apps were flagged for policy violations, including embedded malware, financial fraud, aggressive data collection, and hidden subscription abuse.

Google also banned more than 80,000 “bad developer” accounts linked to harmful or deceptive apps, cutting off repeat offenders from re-entering the ecosystem under new identities.

Every submitted app now undergoes more than 10,000 automated and manual safety checks, with Google stating that these measures are designed to prevent real-world harm before apps ever reach user devices.

Safeguards block bad apps, tools ease compliance (source: Google Blog)

Strengthening Privacy Controls and Data Protection

Google says it has heavily integrated its latest generative AI models into the Play review pipeline, enabling security teams to spot complex, evolving malicious patterns faster than before.

These models work alongside human reviewers to detect obfuscated behaviors, suspicious permission usage, and fraud indicators that may not be obvious from static analysis alone.

The company reports that its strengthened pre-review checks, developer verification, and mandatory testing requirements are discouraging many bad actors from even attempting to publish malicious apps on Google Play.

Expanded Play Protect to fight scams (source: Google Blog)

Beyond blocking app submissions, Google prevented more than 255,000 apps from obtaining excessive access to sensitive user data by enforcing stricter privacy controls and permission policies.

To protect the integrity of ratings and user trust, anti-spam systems blocked around 160 million fake or manipulative reviews, avoiding an average 0.5-star rating drop for apps targeted by coordinated review bombing campaigns.

For families, Google has also introduced new layers of protection to stop children from discovering or downloading apps related to high-risk categories such as gambling or dating.

New Security Tools for Android Developers

Google Play Protect, Android’s built-in malware defense, now scans over 350 billion apps every day across the Play Store and sideloaded sources.

In 2025, its real-time scanning identified more than 27 million new malicious apps distributed outside Google Play, warning users or blocking installations outright to neutralize threats before they could execute.

| Security Tool / Feature | Purpose | 2025 Update | Protection Benefit |
| --- | --- | --- | --- |
| Play Policy Insights (Android Studio) | Real-time policy guidance | Lint-style checks flag risky permissions & APIs | Prevents policy violations before submission |
| Pre-review checks (Play Console) | Catch compliance issues early | Automated checks for credentials, permissions & privacy links | Blocks misconfigured or risky apps |
| Play Integrity API | Verify app & device integrity | Hardware-backed signals, stronger attestation, device recall | Detects fraud, tampering & compromised devices |
| Developer verification | Strengthen developer identity checks | Expanded verification & new account types | Reduces abuse from fake/throwaway accounts |
| Android 16 security APIs | Protect sensitive app flows | Tapjacking & overlay attack protections | Prevents credential theft & UI hijacking |

Enhanced fraud protection within Play Protect is now deployed in 185 markets and covers over 2.8 billion Android devices.

Android security relies on developer collaboration and feedback (source: Google Blog)

The enhanced fraud protection blocked 266 million risky sideloading attempts tied to approximately 872,000 unique high-risk apps, many of them designed for financial fraud via abusive permissions.

To support developers, Google expanded Play Policy Insights in Android Studio, providing real-time feedback on risky permissions and policy compliance during development rather than only at submission time.

The Play Integrity API, now handling more than 20 billion checks per day, gained hardware-backed signals and in-app prompts to help apps defend against abuse, spoofed devices, and unauthorized access while preserving user privacy.

Looking ahead, Google plans to roll out broader developer verification across the Android ecosystem and continue investing in AI-driven defenses, aiming to make malicious apps increasingly unviable while helping legitimate developers build secure, compliant apps by design.


The post Google Blocked 1.75 Million Malicious Apps from Entering into the Play Store appeared first on Cyber Security News.

by Chris H

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.
Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and
by Chris H

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks.
“The
by Chris H

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector.
“UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector,” CSA said. “All four of Singapore’s major telecommunications operators (‘telcos’) – M1, SIMBA Telecom, Singtel, and
by Chris H

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.
“The focus is on high-ranking targets in