Android apps that steal banking details were downloaded 300,000 times in just 4 months

• A total of 12 apps with Android banking trojans were discovered in the Google Play Store.
• These apps are capable of stealing banking information and wiping out the victim’s bank account.
• The apps were distributed in a span of four months and downloaded 300,000 times.

Google has been improving Play Store’s security but there are still some malware infused apps that manage to sneak inside. Researchers have now discovered a total of 12 apps in the Play Store that were used to steal people’s bank account details, and these apps were downloaded 300,000 times.

These apps were posing as QR code scanners, PDF scanners, and even cryptocurrency wallets, according to researchers at ThreatFabric. The apps belonged to four different Android malware versions, and were designed to steal people’s online banking passwords as well as two-factor authentication codes. The malware even captured keystrokes and could take screenshots of users’ phones.

So how did the apps bypass Google’s security check? These apps were first distributed as a legitimate app with no malware and worked as they were advertised which made users think there’s nothing wrong here. The apps also had positive reviews in the Google Play Store which would make them look more legitimate. Users were then asked to install software updates from third-party sources for additional features.

Through these updates, a very advanced Android banking trojan ‘Anatsa’ would be installed in the victims’ phones. This Android trojan is capable of giving hackers remote access to a victim’s phone and wiping out one’s bank account by transferring all the money to their account. In addition to Anatsa, these apps also had other Android malware including Alien, Hydra and Ermac.

Among the kind of apps that these malware were injected into, the most popular were scanning apps, a crypto tracking app and workout apps. These apps with four large Android malware families were spread in a span of only four months, and were downloaded 300,000 times.

ThreatFabric also highlighted how this is actually a small malicious footprint, and this is due to the new Google Play restrictions that puts limitations on app permissions such as Accessibility Service. This was one of the commonly used methods of installing malware on phones but hackers are now resorting to download updates after the app is installed.

SEE ALSO:

Google Play’s Best of 2021 India Awards: BGMI, Garena Free Fire MAX, Bitclass and Clubhouse top the ranks this year
Valorant Mobile: Gameplay, release date and what to expect