Although the controls on the Google Play Store have become more reliable at detecting malware in apps, attackers keep finding new ways to bring malicious content onto the smartphones of unsuspecting users, who can find themselves robbed of banking information and personal data at any moment.

This time the alarm was raised by researchers from ThreatFabric, a company that mainly deals with security for mobile systems: some apparently harmless applications, downloaded more than 300,000 times overall, reportedly hid a trojan called Anatsa, capable of stealing personal and banking information, including keys for two-factor authentication.

The offending applications use a particularly ingenious method to avoid being recognized as malicious by Google's scans, which are now almost completely automated and based on machine learning algorithms that analyze the number and type of permissions an application requires in order to function.

To circumvent these control systems, the applications present themselves as QR code or PDF document scanners, fitness assistants or even “wallets” for cryptocurrencies: all services that require access only to storage or the camera and are therefore harmless in the eyes of Google.

The version of these applications available on the Play Store does not, in fact, contain the Anatsa trojan: the user downloads the malicious content only later, when the newly installed app demands an update from a third-party service in order to continue to function properly. The ThreatFabric team found the difference between before and after the update in the permissions granted and in the app code itself.

The trap is made even more cunning by the fact that, even after installing the update containing the trojan, these applications work perfectly for the purpose for which they were downloaded, making the user even less suspicious of their nature.

In addition to Anatsa, the ThreatFabric team has detected three other Android trojans that work in a similar way: Alien, Hydra and Ermac. In all these cases, once the accessibility service permissions are unlocked, the trojan has full access to every software component of the phone, putting the security of the user’s banking and personal information at risk.
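The before/after comparison of permissions described above can be reproduced on two decoded manifests. This is an added example, not ThreatFabric's tooling: it assumes both AndroidManifest.xml files have already been decoded to text XML (for instance with apktool), and the watch list, package name and service class are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumed watch list chosen for this example, not taken from the report.
WATCHLIST = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

def manifest_profile(xml_text):
    """Return (requested permissions, declared accessibility services)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)  # ignore malformed entries without a name
    services = {
        s.get(ANDROID_NS + "name")
        for s in root.iter("service")
        if s.get(ANDROID_NS + "permission") == ACCESSIBILITY
    }
    return perms, services

def diff_update(before_xml, after_xml):
    """Report what the update adds relative to the store version."""
    perms_a, svc_a = manifest_profile(before_xml)
    perms_b, svc_b = manifest_profile(after_xml)
    added = perms_b - perms_a
    return {
        "added_permissions": sorted(added),
        "watchlist_hits": sorted(added & WATCHLIST),
        "new_accessibility_services": sorted(svc_b - svc_a),
    }

# Constructed sample manifests (package and class names are hypothetical).
STORE_VERSION = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.qrscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""
UPDATED_VERSION = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.qrscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for key, value in diff_update(STORE_VERSION, UPDATED_VERSION).items():
        print(f"{key}: {value}")
```

A newly declared accessibility service in an update of a scanner or fitness app is the strongest signal here, since nothing in the advertised function calls for it.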

These are the twelve applications reported by ThreatFabric as possible vehicles for Android trojans, complete with their package identifier and SHA-256 hash. If you already have them installed, delete them from your smartphone immediately and check the status of your home banking accounts and services.

Two Factor Authenticator – com.flowdivison – a3bd136f14cc38d6647020b2632bc35f21fc643c0d3741caaf92f48df0fc6997

Protection Guard – com.protectionguard.app – d3dc4e22611ed20d700b6dd292ffddbc595c42453f18879f2ae4693a4d4d925a

QR CreatorScanner – com.ready.qrscanner.mix – ed537f8686824595cb3ae45f0e659437b3ae96c0a04203482d80a3e51dd915ab

Live Master Scanner – com.multifuction.combine.qr – 7aa60296b771bdf6f2b52ad62ffd2176dc66cb38b4e6d2b658496a6754650ad4

QR Scanner 2021 – com.qr.code.generate – 2db34aa26b1ca5b3619a0cf26d166ae9e85a98babf1bc41f784389ccc6f54afb

QR Scanner – com.qr.barqr.scangen – d4e9a95719e4b4748dba1338fdc5e4c7622b029bbcd9aac8a1caec30b5508db4

PDF Document Scanner – Scan to PDF – com.xaviermuches.docscannerpro2 – 2080061fe7f219fa0ed6e4c765a12a5bc2075d18482fa8cf27f7a090deca54c5

PDF Document Scanner – com.docscanverifier.mobile – 974eb933d687a9dd3539b97821a6a777a8e5b4d65e1f32092d5ae30991d4b544

PDF Document Scanner Free – com.doscanner.mobile – 16c3123574523a3f1fb24bbe6748e957afff21bef0e05cdb3b3e601a753b8f9d

CryptoTracker – cryptolistapp.app.com.cryptotracker – 1aafe8407e52dc4a27ea800577d0eae3d389cb61af54e0d69b89639115d5273c

Gym and Fitness Trainer – com.gym.trainer.jeux – 30ee6f4ea71958c2b8d3c98a73408979f8179159acccc01b6fd53ccb20579b6b

Gym and Fitness Trainer – com.gym.trainer.jeux – b3c408eafe73cad0bb989135169a8314aae656357501683678eff9be9bcc618f

There is also a more general warning: when it comes to scanning documents and QR codes, the most recent versions of Android already include both of these features as part of the camera modes. Rely on these existing features, or on other reliable services like Adobe Scan or Google Lens, rather than putting your security at risk.