Recently, the researchers unit has claimed that Samsungs’ Galaxy Store has had an infiltration of riskware apps that led to multiple Play Protect warnings on users’ devices. 

Riskware is a word used to describe software whose installation and execution in the devices pose certain risks to a host computer. 

The incident first was registered by the Android Police unit; the cybercriminals imitate apps ShowBox, a pirate app that was reported in 2018, after a coalition of movie studios managed to disclose the identity of the criminal and took legal actions against him. 

Pirate apps ‘ShowBox and MovieBox’ allow users to have wild access to copyright-protected movies and TV shows without taking membership plans to the legitimate content providers. 

As per the mobile security analyst "linuxct", when users install pirate apps in their devices it increases security risks in their devices because these apps trigger Google Play Protect warnings while apps request access to risky permissions that could allow the installation of malware on the Android device.

If the users allow those requests, then the apps get access to users’ important credentials such as contact lists, execute code, call logs, fetch malware payloads click on ads, and more. Also, after examining the functions of the app, Linuxct discovered that ad technology could be used to perform remote code execution, allowing it to be abused to execute commands on the device. 

Multiple anti-virus engines on VirusTotal detect samples of these apps as trojan, riskware, ad clicker, or generic malware. 

"Samsung is hosting literal malware on the Galaxy Store. Google's anti-virus protection software, built into Play Services, stops the install. I've found at least 5 of these apps in a row on the Galaxy Store", Freelance writer Max Weinbach said. 

Researchers said, Samsung should take legal actions, and the company should have rejected these apps for what they claim to be, even if the applications weren't posing any threats to the devices.