Date: 2021-11-30

These apps must be removed immediately

Kim Lee

From time to time we report on Android applications containing malware that groups of researchers discover in the Google Play Store and that the Mountain View giant prepares to remove to limit the damage caused to users. Something similar has happened in the past few hours.

A team of ThreatFabric researchers claims to have discovered a series of apps, downloaded from Google Play more than 300,000 times, which look “normal” but are actually banking trojans that steal user passwords and two-factor authentication codes, record password sequences and take screenshots.

New malware apps found in the Google Play Store

The apps in question, disguised as QR scanners, PDF scanners, and cryptocurrency wallets, belonged to four separate Android malware families and were distributed over four months, using several tricks to circumvent the restrictions that Google came up with in an attempt to curb the spread of fraudulent applications in the official Android store.

The attackers' method is to make these applications perfectly functional, so as to win users' trust and push them to leave positive ratings on the Google Play Store. The malicious software (the Anatsa malware) is then downloaded through updates to these applications and installed on the device of the unsuspecting victim.

Android malware

Besides Anatsa, three other families of malware have been identified, namely Alien, Hydra and Ermac.

The researchers reported some of these applications along with their package names and SHA-256 hashes.


Obviously, the advice for those who have installed one or more of these applications is to remove them immediately from their device.

The full details are in the article published by the ThreatFabric researchers.

