If you have an Android phone, you should be more cautious when installing apps from the Google Play Store. Researchers have uncovered that over 300,000 people downloaded what turned out to be banking trojan software after it managed to circumvent the Google Play Store’s security measures. Several regularly downloaded applications serve as a front for four distinct types of malware, one of which is capable of capturing users’ bank account and password information and sending it to hackers for further exploitation.
Several ubiquitous applications, including QR code readers, document scanners, fitness trackers, and bitcoin trading platforms, have been found to be fraudulent by ThreatFabric researchers. Hackers have succeeded in creating malicious versions of these programmes that appear identical to the legitimate ones. And, in order to avoid raising suspicion among users, these applications advertise what they do in the most enticing manner imaginable. After being persuaded by this advertising, consumers fall prey to the hackers and end up compromising their personal information.
Some of these applications are Two Factor Authenticator, Protection Guard, QR CreatorScanner, Master Scanner Live, QR Scanner 2021, PDF Document Scanner – Scan to PDF, CryptoTracker, and Gym and Fitness Trainer.
According to the experts, hackers are employing four distinct types of malware to steal users’ personal information from their devices. Each piece of malware remains dormant until the app that carries it is installed on the device. Once installation is complete, the malware’s first action is to circumvent the security measures implemented by the Google Play Store. This means that the app and the malware are able to carry out their functions on the phone without being detected.
The researchers claim that more than 200,000 Android users have downloaded the Anatsa trojan, which is the most common of the four types of malware they discovered. It is referred to as an “advanced” banking trojan because it is capable of stealing usernames and passwords for the user’s online banking services. It can also activate accessibility logging on the phone, which means that everything that takes place on the phone’s screen is recorded as it happens. Additionally, the trojan includes a keylogger designed to capture anything the user types on the phone, such as passwords.
Anatsa, which has been active since January, has made its way into seemingly innocent programmes such as QR code scanners and PDF document scanners, which are often downloaded by the general public and businesses. Since the emergence of cryptocurrencies and their increasing popularity, it has also been discovered in various cryptocurrency applications. Phishing emails are used to lure Android users to these malicious applications. Because of the numerous favourable reviews on the download page, the applications appear to be legitimate, and as a result consumers are deceived into downloading and using them.
Alien, Hydra, and Ermac are the names of the other three types of malware that the researchers were able to identify. While Alien is capable of stealing critical information even from a two-factor authentication procedure, the other two allow attackers to gain access to customers’ financial information using complex tools that have been implanted in them. All of these malware variants remain dormant until users download the programmes that serve as conduits for their distribution.
ThreatFabric claims to have notified Google about the dangerous applications in question. Some of them have already been removed, while others are currently being investigated. In their blog post, the researchers have identified all of the applications carrying the four malware families, as well as the apps targeted by the malware, which include banking apps such as YONO Lite from the State Bank of India and PayPal.