Despite Google's best efforts, malicious Android apps continually bypass its security measures and make their way into the Play Store. Users then download these apps assuming they are safe, only to become yet another victim of malware campaigns. Security researchers at Zscaler ThreatLabz recently discovered over 90 such Android apps with combined downloads of over 5.5 million on the Play Store.
More than 90 malicious Android apps discovered on the Play Store
In a blog post, the research firm highlighted a recent surge in the Anatsa banking trojan's activity. Also known as Teabot, the trojan targets apps from over 650 financial institutions worldwide, attempting to steal people's banking credentials in order to perform fraudulent transactions. It achieved over 150,000 infections within a few months between late 2023 and February 2024 via the Play Store, using various decoy apps.
According to Zscaler ThreatLabz, the latest Anatsa malware campaign used apps named "PDF Reader & File Manager" and "QR Reader & File Manager" as its decoy apps. The two apps, which have since been removed from the Play Store, had amassed 70,000 installations by the time the firm discovered they were distributing malware. The threat actors behind the campaign employed a multi-step mechanism to avoid detection.
Once the malicious app is installed on an Android device, it retrieves configuration and essential strings from the C2 server. The app then downloads a DEX file containing the malicious dropper code and activates it on the device. This is followed by a configuration file carrying the Anatsa payload URL. Finally, the DEX file downloads the malware payload APK and installs it to complete the infection.
The malware also has a mechanism in place to avoid executing on sandboxes or emulated environments. All of this makes it difficult for security systems to detect it. However, Anatsa isn't the only malware that Zscaler ThreatLabz discovered on the Play Store. The research firm found over 90 apps distributing various other types of malware, including Joker, Facestealer, Coper, and adware.
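The staged chain described above (config fetch, self-written DEX loaded at runtime, a second fetch for the payload, then an install request for an APK the app wrote itself) is a pattern a defender can correlate from device telemetry. The following is an added illustration, not code from Zscaler ThreatLabz or the article; the event format, package names, URLs and paths are constructed assumptions standing in for whatever a mobile EDR or MDM agent would actually record.

```python
"""Correlate per-package device events into the staged-dropper pattern.

Added example; the event tuples, package names, hosts and paths below are
constructed and do not come from the article or from any real telemetry feed.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[int, str, str, str]  # (timestamp, package, event kind, detail)

# Constructed sample telemetry: one package showing the full chain, one benign.
SAMPLE_EVENTS: List[Event] = [
    (100, "com.example.pdfreader", "http_get", "https://c2.invalid/config"),
    (101, "com.example.pdfreader", "file_write", "/data/data/com.example.pdfreader/cache/s1.dex"),
    (102, "com.example.pdfreader", "dex_load", "/data/data/com.example.pdfreader/cache/s1.dex"),
    (103, "com.example.pdfreader", "http_get", "https://c2.invalid/payload.json"),
    (104, "com.example.pdfreader", "file_write", "/data/data/com.example.pdfreader/cache/p.apk"),
    (105, "com.example.pdfreader", "install_request", "/data/data/com.example.pdfreader/cache/p.apk"),
    (200, "com.example.notes", "http_get", "https://api.example/sync"),
    (201, "com.example.notes", "file_write", "/data/data/com.example.notes/files/notes.db"),
]


def staged_dropper_findings(events: List[Event], max_window: int = 3600) -> Dict[str, List[str]]:
    """Return {package: [evidence lines]} for packages that show, in order:
    1. a network fetch before any dynamic code load (config / strings),
    2. a runtime load of a DEX file the app itself wrote,
    3. another network fetch after that load (payload URL / payload),
    4. an install request for an APK the app wrote to its own storage,
    all within max_window seconds of the first fetch.
    """
    by_pkg: Dict[str, List[Tuple[int, str, str]]] = defaultdict(list)
    for ts, pkg, kind, detail in sorted(events):
        by_pkg[pkg].append((ts, kind, detail))

    findings: Dict[str, List[str]] = {}
    for pkg, evs in by_pkg.items():
        written: Dict[str, int] = {}   # path -> timestamp the app wrote it
        stages: List[str] = []         # human-readable evidence in chain order
        fetched_before_dex = None
        dex_loaded_at = None
        fetched_after_dex = None
        for ts, kind, detail in evs:
            if kind == "http_get":
                if dex_loaded_at is None and fetched_before_dex is None:
                    fetched_before_dex = ts
                    stages.append(f"config fetch from {detail} at t={ts}")
                elif dex_loaded_at is not None and fetched_after_dex is None:
                    fetched_after_dex = ts
                    stages.append(f"post-dropper fetch from {detail} at t={ts}")
            elif kind == "file_write":
                written[detail] = ts
            elif kind == "dex_load":
                # Only a DEX the app wrote itself counts; bundled code is normal.
                if fetched_before_dex is not None and detail in written and dex_loaded_at is None:
                    dex_loaded_at = ts
                    stages.append(f"runtime load of self-written DEX {detail} at t={ts}")
            elif kind == "install_request":
                if (fetched_after_dex is not None and detail.endswith(".apk")
                        and detail in written and ts - fetched_before_dex <= max_window):
                    stages.append(f"install of self-written APK {detail} at t={ts}")
                    findings[pkg] = stages
                    break
    return findings


if __name__ == "__main__":
    for pkg, evidence in staged_dropper_findings(SAMPLE_EVENTS).items():
        print(pkg)
        for line in evidence:
            print("  -", line)
```

Treat the result as a triage signal rather than a verdict: legitimate apps that use dynamic feature modules or in-app updaters can trigger the DEX-load or install stages on their own, which is why the function only fires when every stage appears in order within the window.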
Avoid downloading third-party alternatives to stock apps
The researchers didn't disclose the names of the other malicious apps found on the Play Store. They said the apps impersonated various productivity tools, personalization tools, photography utilities, and health & fitness apps. The firm has most likely already reported the apps to Google and may have had them removed from the Play Store.
However, this is certainly not the end of malware-laden apps on the official Android app store. Threat actors often think a step ahead of security experts, and they always find a way to bypass Google's security measures. You should be careful when downloading apps from lesser-known developers. Most Android devices come with a built-in file manager, PDF reader, camera app, and other productivity tools. Avoid downloading third-party alternatives.