Fotar Blog

Be careful: These Android apps are installing malware, stealing your data

More than 90 different Android apps available on Google Play have been found to contain malware, according to cloud cybersecurity firm Zscaler.

The malicious apps, which collectively racked up over 5.5 million installs, typically pose as PDF or QR code readers. In reality, they contain banking malware that secretly collects your data behind the scenes after you install a malware-laden app update. The payload then displays fake banking login pages on your device, which can be used to swipe your financial credentials and potentially access your bank accounts.

Malicious installers masquerading as a legitimate PDF reader and QR code reader in the Google Play Store. (Credit: Zscaler)

The Android apps “PDF Reader & File Manager,” from a developer named “TSARKA Watchfaces,” and “QR Reader & File Manager,” from a developer named “Risovanul,” are two examples of apps that Zscaler found to contain malware. Together, the two apps saw over 70,000 downloads, and both have been removed from the Play Store. However, they still pose a security threat to anyone who has already downloaded them.

Notably, both apps show warning signs that suggest they are not legitimate. For one, neither app has a recognizable or plausible developer name. Neither provides a professional support email tied to a web domain that matches the developer’s name. Instead, both apps use free Gmail accounts with seemingly random prefixes.

An overview of the types of applications most commonly exploited by threat actors. (Credit: Zscaler)

According to Zscaler, most of the other apps on Google Play with malware fall into the “tools” category, with many other malicious apps masquerading as “personalization” or photo apps. While Zscaler focused its analysis on Anatsa, it identified several malware families distributed through the Google Play store, including Joker, Adware, Facestealer, and Coper.

“Even though they get the smallest [malware family distribution] share 2% and 1% (respectively), Anatsa and Coper are well-known and highly influential families of banking Trojans. Last year, we observed several instances of Coper banking malware present in the Google Play store,” says Zscaler.

Unfortunately, just because an app is in the Google Play Store or Apple’s App Store doesn’t necessarily mean it’s safe to download and use. Other types of banking trojan malware emerged as recently as April, such as “Brokewell,” which allows attackers to gain full access to victims’ devices and take them over remotely. Android malware has been a constant threat for years, and the Anatsa malware appeared earlier this year, as well as in 2022.

Image Source : www.pcmag.com
