The effort to keep our devices free of malware, viruses and other threats is an endless battle and certainly seems unwinnable – at least for the good guys. Malicious apps were found in the Google Play Store … again … and this time they stole bank credentials. Although it’s great that the threats have been removed, we know it’s only a matter of time before they land there again.
Detection of malicious apps in the Google Play Store
Do you feel like you’re experiencing a bit of deja vu? At this point, it can be compared to learning that there is another variant of the coronavirus in circulation.
Mobile security company ThreatFabric announced in a blog post that a group of apps had been found in the Play Store that were stealing bank credentials. The disguised trojans were downloaded more than 300,000 times before they were found.
Posing as QR scanners, PDF scanners and cryptocurrency apps, the apps stole user passwords and two-factor verification codes, logged keystrokes and took screenshots. They belonged to four separate families of Android malware.
While Google has made security efforts to prevent the uploading of malware, the developers of the malware have managed to sneak it in.
“What makes it very difficult to identify these Google Play campaigns from an automation (sandbox) and machine learning point of view is that developer apps all have a very small malicious footprint,” explained the blog post. “This small footprint is a (direct) result of the licensing restrictions enforced by Google Play.”
The malware developers managed to circumvent Google’s rules by offering apps that did not initially include a threat. After downloading the apps, users were asked to download updates with updated features from third-party sources. This gave the malware a way through.
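One way to check a device for apps that arrived outside the Play Store, as the "updates" described above did. This is an added example, not code from the article or from ThreatFabric; it assumes the line format printed by `adb shell pm list packages -3 -i`, and every package name in the sample is constructed.

```python
import re
from collections import defaultdict

# Installers treated as trusted app stores. com.android.vending is Google Play;
# which other stores to trust is an assumption for you to adjust.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `adb shell pm list packages -3 -i` (-3: user-installed apps only).
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def audit_installers(listing, trusted=frozenset(TRUSTED_INSTALLERS)):
    """Return (untrusted, installed_by_app).

    untrusted: {package: recorded installer} for apps not installed by a trusted
        store (installer is None when Android recorded none).
    installed_by_app: {user app: [packages it installed]} for listed apps that
        are themselves recorded as the installer of another app.
    """
    installers = {}
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # skip blank lines and adb warnings
            pkg, installer = match.groups()
            installers[pkg] = None if installer == "null" else installer

    untrusted = {p: i for p, i in installers.items() if i not in trusted}
    installed_by_app = defaultdict(list)
    for pkg, installer in untrusted.items():
        if installer in installers:  # installer is another user-installed app
            installed_by_app[installer].append(pkg)
    return untrusted, dict(installed_by_app)


# Constructed sample output; every package name here is made up.
SAMPLE = """\
package:com.example.qrscanner  installer=com.android.vending
package:com.example.scannerupdate  installer=com.example.qrscanner
package:com.example.notes  installer=null
package:com.example.bank  installer=com.android.vending
"""

if __name__ == "__main__":
    untrusted, installed_by_app = audit_installers(SAMPLE)
    for pkg, installer in sorted(untrusted.items()):
        print(f"not from a trusted store: {pkg} (installer: {installer})")
    for app, pkgs in installed_by_app.items():
        print(f"{app} installed other apps: {', '.join(pkgs)}")
```

An app showing up in the second report came from the store itself but is recorded as having installed something else, which is worth a closer look even when the app's own listing appears clean.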
Other methods were also used to limit suspicion around the apps. “This incredible attention paid to evading unwanted attention makes the automatic detection of malware less reliable,” the ThreatFabric blog post said. “This consideration is confirmed by VirusTotal’s very low overall score of the number of droppers we researched in this blog post.”
The Anatsa malware family has been behind more than three other malicious apps. It had remote access and automated transfer systems that stole from the bank accounts of innocent users.
Limit the impact of malicious applications
The other malware families were Alien, Hydra and Ermac. The malicious apps offered in the Play Store included:
- Verifies two factors
- Protection Guard
- QR CreatorScanner
- Live Scanner Master
- QR 2021 scanner
- QR scanner
- PDF Document Scanner – PDF scanner
- Scanner PDF documents
- Free PDF scanner
- Fitness and fitness trainer.
Make sure you do not have any of them on your Android devices.
While Google is always quick to pull these apps down, malicious apps in the Play Store are a persistent problem, whether they steal banking information or perform other malicious tasks.
But as these recent malicious apps have shown, it can be difficult to identify the apps as malicious. Undoubtedly, it is a good practice to avoid apps with bad reviews and a small presence. Also, if you have older apps that are not in use on your phone, uninstalling them is best.