Crazy to see this on HN. I was affected by this malware earlier this month and have both reported the app via the app store phone UI and submitted a full report w/ screenshots via the play stores web interface. Absolutely insane that I can still download this app from the play store and the devs account hasn't been nuked.
The app was updated Jan 29th. I noticed probably on the 1st or 2nd of February. I had a hard time tracking down where the spam tabs were coming from, but the app luckily gave me a spam notification from which I was able to see the app name and uninstall it.
I just don't understand how Google Play could've let this slip. Was this like the cyberattack now to long ago where they were able to infiltrate the CI/CD process to slip in updates? Is this the fault of the developers not securing it or is this willful neglect or incompetence at Google Play store level?
