alt Hacker NewsHey, on the other hand, zero malware! It is zero, right? Please say it's zero...
Just today I found a malicious version of Ledger on the macOS app store. It's been there for five weeks, and there are already some anecdotes out there of people losing their coins.
I guess that's somehow the developer's fault for not "staking their claim" to their name, as Apple seems to only monitor for malicious duplicate submissions if the original is in the App Store to begin with...
A year or so ago I had to speedrun turning on developer mode on Android because my grandma had somehow installed an app that did a ransomware-like fullscreen popup after about 10-20 seconds after bootup. Could've factory reset it and called it, but wanted to try to rescue it for my grandma. Used adb to figure out what app was doing it and removed it. I might be misremembering details, but I think one of the reasons it could do what it was doing was it was using Samsung-specific permissions, which Google shouldn't allow on the store. I reported the app and looks like it's gone now.