Despite Google's best efforts, malicious Android apps continually bypass its safety measures and make their way into the Play Store. Users then download these apps assuming they are safe, only to become yet another victim of a malware campaign. Security researchers at Zscaler ThreatLabz recently discovered over 90 such Android apps with combined downloads of over 5.5 million on the Play Store.
More than 90 malicious Android apps discovered on the Play Store
In a blog post, the research firm highlighted a recent surge in the Anatsa banking trojan's activity. Also known as TeaBot, the trojan targets apps from over 650 financial institutions worldwide, attempting to steal people's banking credentials in order to perform fraudulent transactions. It achieved over 150,000 infections within a few months between late 2023 and February 2024 through the Play Store, using various decoy apps.
According to Zscaler ThreatLabz, the latest Anatsa campaign used apps named "PDF Reader & File Manager" and "QR Reader & File Manager" as its decoy apps. The two apps, which have since been removed from the Play Store, had amassed 70,000 installations by the time the firm discovered they were distributing malware. The threat actors behind the campaign employed a multi-step mechanism to avoid detection.
Once the malicious app is installed on an Android device, it retrieves configuration data and essential strings from the C2 server. The app then downloads a DEX file containing the malicious dropper code and activates it on the device. This is followed by a configuration file carrying the URL of the Anatsa payload. Finally, the dropper DEX downloads the payload APK and installs it to complete the infection. Because the code that does the actual damage is fetched only after installation, the APK submitted to the Play Store contains little that a static review would flag.
The malware also has a mechanism to avoid executing in sandboxes or emulated environments, so automated analysis systems that run it under an emulator may never see the malicious behaviour. All of this makes it difficult for security systems to detect. However, Anatsa is not the only malware Zscaler ThreatLabz discovered on the Play Store. The research firm found over 90 apps distributing various other types of malware, including Joker, Facestealer, Coper, and adware.
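The staged-dropper behaviour described above leaves static footprints in the decoy APK even when the payload itself is absent: a class loader that can load a downloaded DEX, the permission and MIME type needed to install a downloaded APK, network code that fetches a remote configuration, and emulator-fingerprint strings used by the sandbox check. The following Python triage heuristic, added here as an illustration and not Zscaler's or any vendor's tooling, scores a list of strings as they might be extracted from a decompiled APK (manifest permissions plus string constants from classes.dex). The two sample string lists are constructed for the example, the indicator patterns and weights are our own assumptions, and no real APK is read.

```python
"""Static triage heuristic for staged Android droppers (added example, not from the article)."""
import re
from dataclasses import dataclass, field

# Indicator families, each with an assumed weight and regexes matched against
# strings pulled from a decompiled APK. The families mirror the stages the
# article describes: dynamic DEX loading, APK installation, remote config
# fetch, and emulator/sandbox checks. Weights are an assumption for this example.
INDICATORS = {
    "dynamic_dex_loading": (3, [
        r"dalvik/system/DexClassLoader",
        r"dalvik/system/InMemoryDexClassLoader",
    ]),
    "payload_install": (3, [
        r"android\.permission\.REQUEST_INSTALL_PACKAGES",
        r"application/vnd\.android\.package-archive",
        r"android/content/pm/PackageInstaller",
    ]),
    "remote_config_fetch": (2, [
        r"java/net/HttpURLConnection",
        r"okhttp3/",
        r"https?://\S+\.(?:json|dex|apk)\b",
    ]),
    "emulator_check": (2, [
        # Common emulator fingerprints checked by sandbox-evasion code
        # (Android emulator hardware names and the qemu kernel property).
        r"\bgoldfish\b",
        r"\branchu\b",
        r"ro\.kernel\.qemu",
    ]),
}


@dataclass
class TriageResult:
    score: int
    hits: dict = field(default_factory=dict)
    verdict: str = "benign"


def triage(strings):
    """Score a list of APK strings and return a TriageResult."""
    hits = {}
    score = 0
    for family, (weight, patterns) in INDICATORS.items():
        matched = sorted({s for s in strings for p in patterns if re.search(p, s)})
        if matched:
            hits[family] = matched
            score += weight
    # A PDF reader or file manager has no business both loading code at
    # runtime and installing packages; requiring both stages keeps the
    # verdict from firing on ordinary apps that merely use HTTP.
    if "dynamic_dex_loading" in hits and "payload_install" in hits:
        verdict = "suspicious: staged dropper pattern"
    elif score >= 4:
        verdict = "review"
    else:
        verdict = "benign"
    return TriageResult(score, hits, verdict)


# Constructed sample input resembling strings from a decoy "PDF reader" that
# fetches and installs a payload. The URL is a placeholder, not a real C2.
DROPPER_STRINGS = [
    "android.permission.INTERNET",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "Ldalvik/system/DexClassLoader;",
    "Ljava/net/HttpURLConnection;",
    "https://example.invalid/cfg/stage1.json",
    "application/vnd.android.package-archive",
    "goldfish",
]

# Constructed sample input resembling a genuine PDF reader that only talks HTTP.
BENIGN_STRINGS = [
    "android.permission.INTERNET",
    "android.permission.READ_EXTERNAL_STORAGE",
    "Ljava/net/HttpURLConnection;",
    "application/pdf",
    "Lcom/example/pdf/Renderer;",
]

if __name__ == "__main__":
    for name, strings in (("dropper-like", DROPPER_STRINGS), ("benign", BENIGN_STRINGS)):
        result = triage(strings)
        print(f"{name}: score={result.score} verdict={result.verdict}")
        for family, matched in result.hits.items():
            print(f"  {family}: {matched}")
```

The heuristic deliberately keys on the combination of stages rather than any single string: many legitimate apps use HttpURLConnection, and some legitimately install packages, but a utility app that does both runtime code loading and package installation matches the dropper shape the article describes and deserves a manual look. Running it over the strings of a real APK (for example, the output of a decompiler's string dump) is left to the reader.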
Avoid downloading third-party alternatives to stock apps
The researchers did not disclose the names of the other malicious apps found on the Play Store. They said the apps impersonated various productivity tools, personalization tools, photography utilities, and health & fitness apps. The firm has probably already reported the apps to Google and may have had them removed from the Play Store.
However, this is certainly not the end of malware-laden apps on the official Android app store. Threat actors often think a step ahead of security experts and keep finding ways to bypass Google's safety measures. You should be careful when downloading apps from lesser-known developers, and treat it as a red flag when a simple utility such as a PDF reader or QR scanner asks for permission to install other apps, since that is exactly what a dropper needs to plant its payload. Most Android devices come with a built-in file manager, PDF reader, camera app, and other productivity tools. Avoid downloading third-party alternatives.