Over 90 Android malware apps uncovered on Google Play


In the latest reminder that you should always be extra careful about what you download, cloud security company Zscaler revealed this week that its researchers identified and analyzed more than 90 malicious Android apps on the Google Play store in recent months. So far, the Android malware apps have been installed over 5.5 million times.

As Zscaler explains, Anatsa malware (a.k.a. TeaBot) has been spreading rapidly. Anatsa is an especially dangerous banking malware that appears harmless when the user first installs it but later downloads malicious code or a command-and-control server disguised as an app update. This allows the malware to evade detection on the Android app store.

In other words, the apps aren’t initially malicious. Two examples Zscaler provided, PDF Reader & File Manager and QR Reader & File Manager, will not immediately infect your phone. Instead, they lull you into a false sense of security and then deliver their second-stage payload, which is disguised as a legitimate application update.

Infected apps on the Google Play store.
Infected apps on the Google Play store. Image source: Zscaler

Once the malware successfully infects the device and begins communication with the C2 server, it scans the user’s device to detect any installed banking apps. If it finds any, it sends that information to the C2 server, which then sends back a fake login page for the detected apps. If you fall for this trick and enter your login information, it will be sent back to the server, at which point hackers can use it to log in to your banking apps and steal your money.

Zscaler researchers say that Anatsa primarily targets apps from financial institutions in the UK, there have also been victims in the US, Germany, Spain, Finland, South Korea, and Singapore. No matter where you live, you need to be wary of the dangers.

“The recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users, in multiple geographic regions, who downloaded these malicious applications from the Google Play store,” Zscaler says.

Although the researchers didn’t share the identities of the Android apps infected with malware on the Google Play store, both of the apps shared in the example above are no longer available. Presumably, Zscaler has alerted Google to the others.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *