A total of 12 malicious Android apps on the Google Play Store are stealing people’s bank account details, according to researchers at ThreatFabric, and those apps have been downloaded 300,000 times.
In a blog post, cyber security experts pointed out that such apps offer malware content only through third-party sources once they are downloaded from the Google Play Store.
Malicious Android apps on the Google Play store identified by researchers include qr scanner, qr scanner 2021, pdf document scanner free, pdf document scanner, two factor validator, Security guard, QR Creator Scanner, master scanner live, cryptotracker I gym and fitness coach,
Researchers say these apps are part of four malware families — Anatsa, Alien, Hydra, Ermack — that are designed to steal users’ bank passwords as well as two-factor authentication codes. The malware still captures what you type and takes screenshots of users’ phones.
According to the report, the Anatsa malware family has been downloaded more than 100,000 times. It should be noted that such apps get positive reviews in the Google Play Store, making them look more legit.
Google tried to solve the problem by imposing a number of restrictions to prevent the distribution of fraudulent applications. But what makes these apps difficult to detect is that they have a very small malicious footprint, which is not detected by the Google Play Store.
“These apps entice users by offering additional content through third-party updates. In some cases, malware operators are said to have manually triggered malicious updates after tracking the geographic location of infected devices,” the researchers said.
Earlier, in 2020, the Joker Trojan found its way into the Google Play Store, affecting users by enrolling them in paid subscriptions without their consent.
However, there are steps you can take to prevent accidental installation of malware on your device. The most important thing in this case is to download effective antivirus software, which can scan each newly downloaded application and monitor it for any suspicious activity.
