2021-12-02, by Riccardo Lichene

The malicious software arrived via an update from a third-party site, authorized by users who were already using the app

A group of researchers discovered a series of apps (downloaded from Google Play more than 300,000 times) that, after passing Google’s security checks, turned out to be banking Trojans that stole user passwords and two-factor authentication codes, while also recording keystrokes and taking screenshots. The apps, which posed as QR code scanners and PDF scanners, belonged to four separate families of Android malware and were distributed over four months. The hackers used several tricks to circumvent the restrictions that Google has introduced in an attempt to curb the distribution of fraudulent apps in its store.

How the malware did it

What makes these apps very difficult to detect automatically (Google Play receives tens of thousands of requests per day) is that they all have a very small malicious footprint, researchers from mobile security firm ThreatFabric wrote in a post. The real problem is that these apps initially proved benign; in short, they did their job. Some time after installation, however, users received notifications asking them to download updates to install additional features. These updates did not come directly from the Google store but from third-party sources (websites or Dropbox folders): that is how the malicious software arrived on the Android devices of 300,000 people. The malware family responsible for the largest number of these infections is known as Anatsa, a rather advanced Android banking trojan that offers a variety of features, including remote access and an automatic transfer system, which automatically empties victims’ accounts and sends the contents to accounts belonging to the malware operators.
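The update path described above leaves a trace on the device: the payload is recorded as installed by something other than Google Play. The following is an added example (not from the article or from ThreatFabric) that parses the output of `adb shell pm list packages -i -3` and flags such packages; the sample output and package names are constructed, and treating only `com.android.vending` as trusted is an assumption.

```python
import re

# Constructed sample of `adb shell pm list packages -i -3` output
# (third-party apps with their recorded installer). Names are made up.
SAMPLE = """\
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qrscanner.addon  installer=com.google.android.packageinstaller
package:com.example.bank  installer=com.android.vending
package:com.example.pdfscan  installer=com.android.vending
package:com.example.pdfscan.update  installer=com.example.pdfscan
package:com.example.sideload  installer=null
"""

# Assumption: only Google Play is trusted; add a managed store here if one is used.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_installers(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip warnings or blank lines in the adb output
        installer = m.group("installer")
        result[m.group("pkg")] = None if installer == "null" else installer
    return result


def flag_sideloaded(installers, trusted=TRUSTED_INSTALLERS):
    """Return (package, reason) for every app not installed by a trusted store."""
    findings = []
    for pkg, installer in sorted(installers.items()):
        if installer in trusted:
            continue
        if installer is None:
            reason = "no installer recorded (adb or manual sideload)"
        elif installer in installers:
            # Installed by another user app: the pattern of a store app pulling an "update".
            reason = f"installed by another user app: {installer}"
        else:
            reason = f"installed outside the store by {installer}"
        findings.append((pkg, reason))
    return findings


if __name__ == "__main__":
    for pkg, reason in flag_sideloaded(parse_installers(SAMPLE)):
        print(f"{pkg}: {reason}")
```

A package flagged as installed by another user app deserves the closest look, since that is the relationship between a benign-looking store app and the update it fetched from elsewhere.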

What are the dangerous apps

These are the apps identified by researchers and responsible for the theft of the banking credentials of over 300 thousand people: QR Creator Scanner, Master Scanner Live, QR Scanner 2021, QR Scanner, PDF Document Scanner – Scan to PDF, PDF Document Scanner, PDF Document Scanner Free, CryptoTracker, Gym and Fitness Trainer, Two Factor Authenticator, Protection Guard. In the past decade, malicious apps have regularly affected Google Play users. As in this latest case, Google moved quickly and removed all fraudulent apps once it was informed, but the company has been chronically unable to deny access to its store to thousands of apps that have infiltrated the system and infected thousands or even millions of users.

How to try to protect yourself

It is not always easy to spot these scams. Reading user comments can help, but not always, as scammers often fill their apps with fake reviews. Avoiding apps with a small user base can also help, although in this case this tactic would have been ineffective. Users should also think carefully before downloading apps or updates from third-party sites. The best tip for staying safe from malicious Android apps is to be extremely sparing in installing them. And if an app hasn’t been used in a while, uninstalling it is always a good idea.