Malicious Android apps that stole sensitive financial data were downloaded over 300,000 times from the Google Play store, according to a report published by researchers at ThreatFabric. They discovered that users had their banking details stolen by seemingly benign apps. User passwords, two-factor authentication codes, logged keystrokes, and more were siphoned via apps that posed as QR scanners, PDF scanners, or cryptocurrency wallets. These apps are primarily part of four malware families: Anatsa, Alien, Hydra, and Ermac. Google has tried to tackle the problem by introducing several restrictions to curb the distribution of fraudulent apps. This has motivated these cybercriminals to develop ingenious means to bypass the Google Play store restrictions.
In its post, ThreatFabric explained that such applications only introduce the malware content through third-party sources after being downloaded from the Google Play store. These applications reportedly entice users by offering additional content through such third-party updates. In some cases, the malware operators are said to have manually triggered malicious updates after tracking the geographical location of the infected devices.
The malicious Android apps on the Google Play store spotted by the researchers included QR Scanner, QR Scanner 2021, PDF Document Scanner, PDF Document Scanner Free, Two Factor Authenticator, Protection Guard, QR CreatorScanner, Master Scanner Live, CryptoTracker, and Gym and Fitness Trainer.
According to the report, the biggest perpetrator of such activities has been the Anatsa malware family, which was downloaded over 100,000 times. Such applications appeared to be legitimate as they had a large number of positive reviews and offered the depicted functionality upon use. However, after the initial download from Google Play, these apps made users install third-party updates to continue using them. The malware installed was then reportedly able to steal banking details and even capture everything shown on the device’s screen.
Google published a blog post in April outlining the steps it has taken to deal with such nefarious apps. This included reducing developer access to sensitive permissions. However, as per a test conducted by German IT security institute AV-Test in July, Google Play Protect failed to provide a competent level of security compared to other prominent anti-malware programs. It was only able to detect around two-thirds of the 20,000 malicious apps that were tested.
The ingenuity of such malware operators has reduced the reliability of automatic malware detectors, ThreatFabric claims. Users will have to be vigilant regarding the access they grant to applications and the sources they download the apps and their updates from.
Google Play Store Apps That Stole Bank Credentials Were Downloaded 300,000 Times: Report (578 words), posted on gadgets.ndtv.com on November 30, 2021.