According to security researchers, more than 300,000 Android users have downloaded these banking Trojan horse malware apps.

Over 300,000 Android smartphone users have downloaded what turned out to be banking Trojans, delivered by apps that evaded the Google Play Store's malware detection.

As detailed by ThreatFabric cybersecurity researchers, four different malware families are being delivered to victims via malicious versions of commonly downloaded applications such as document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps usually provide the features they advertise, so users have no reason to become suspicious.

In each case, the malicious behaviour is hidden and the malware delivery process only starts after the app has been installed, which is how the apps bypass Play Store detection.

The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users. Researchers describe it as an "advanced" banking Trojan: it can steal usernames and passwords, it uses accessibility logging to capture everything that appears on the user's screen, and a keylogger lets the attacker record all information entered on the phone.

Anatsa has been active since January but appears to have received a considerable push since June. Researchers identified six different malicious applications designed to deliver the malware, including QR code scanners, PDF scanners and apps disguised as cryptocurrency apps.

One of these apps, a QR code scanner, has been installed by 50,000 users on its own, and its download page carries a large number of positive reviews that can encourage people to download it. Users are directed to the app via phishing emails or malicious advertising campaigns.

After the initial download, users are told they must update the app in order to keep using it. This "update" connects to command-and-control servers and downloads the Anatsa payload to the device, giving attackers a way to steal bank details and other information.

Alien is the second most common malware family detailed by the ThreatFabric researchers. This Android banking Trojan, which can also steal two-factor authentication codes, has been active for over a year and has received 95,000 installations via malicious apps on the Play Store.

SEE: Cybersecurity Victory Strategy (ZDNet special report)

One of these is a gym and fitness training app that comes with a supporting website designed to make it look legitimate, but a closer look reveals placeholder text throughout the site. The website also acts as the command-and-control server for the Alien malware.

As with Anatsa, the initial download does not contain malware, but users are prompted to install a fake update (disguised as a package of new fitness regimes) that delivers the payload.

Two other malware families dropped using similar methods in recent months are Hydra and Ermac, with at least 15,000 downloads between them. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cybercriminal group known to target Android devices with banking malware. Both Hydra and Ermac give attackers the access to the device they need to steal banking information.

ThreatFabric has reported all of the malicious apps to Google, and they have either already been removed or are under review. Cybercriminals continue to look for ways to circumvent protections and deliver mobile malware, which is becoming increasingly attractive to them.

"The Android banking malware ecosystem is evolving rapidly. The numbers we are currently observing are the result of a slow but unavoidable shift in criminals' focus to the mobile environment. With that in mind, the Google Play Store is the most appealing platform to serve malware," Dario Durando, mobile malware specialist at ThreatFabric, told ZDNet.

The convincing nature of the malicious apps means they can be difficult to identify as potential threats, but there are steps users can take to avoid infection.

"As a rule of thumb, always check for updates and always pay close attention before granting accessibility service privileges, which is required by malicious payloads after the 'update' installation. Also, be aware of applications that require the installation of additional software," Durando said.
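The delivery chain described above (a Play-installed app that later installs an "update" which then asks for accessibility privileges) and Durando's advice to watch for exactly that can be turned into a quick device triage check. The script below is an added example, not code from the article or from ThreatFabric: it parses constructed sample output of the real `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` commands and flags packages that hold accessibility privileges but were not installed by the Play Store; the package names in the samples are made up.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
# The real output is a colon-separated list of "package/ServiceClass" entries (or "null").
ENABLED_A11Y = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.qrscanner.update/com.example.qrscanner.update.AccService"
)

# Constructed sample of `adb shell pm list packages -i`
# (one "package:<name>  installer=<installer package>" line per app).
PM_LIST = """\
package:com.android.talkback  installer=com.android.vending
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qrscanner.update  installer=com.example.qrscanner
package:com.example.bank  installer=com.android.vending
"""

PLAY_STORE = "com.android.vending"  # installer package name of the Google Play Store


def parse_accessibility(raw: str) -> Set[str]:
    """Return the packages that currently own an enabled accessibility service."""
    pkgs = set()
    for entry in raw.strip().split(":"):
        if "/" in entry:  # skip "null" / empty entries
            pkgs.add(entry.split("/", 1)[0])
    return pkgs


def parse_installers(raw: str) -> Dict[str, str]:
    """Map package name -> installer package ("null" when sideloaded by the user)."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M)}


def suspicious_accessibility(a11y_raw: str, pm_raw: str,
                             trusted_installers=(PLAY_STORE,)) -> List[dict]:
    """Flag accessibility-privileged packages not installed by a trusted store.
    A dropper's "update" APK shows the parent app (or "null") as its installer,
    which is the pattern the article describes."""
    installers = parse_installers(pm_raw)
    return [{"package": pkg, "installer": installers.get(pkg, "null")}
            for pkg in sorted(parse_accessibility(a11y_raw))
            if installers.get(pkg, "null") not in trusted_installers]


if __name__ == "__main__":
    for f in suspicious_accessibility(ENABLED_A11Y, PM_LIST):
        print(f"[!] {f['package']} has accessibility enabled; installer={f['installer']}")
```

On a real device, pipe the two adb commands into the parsers; a hit on a package whose installer is another user app, or "null" right after an in-app "update", is the case worth investigating.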

ZDNet contacted Google for comment but had not received a response at the time of publication.
