Detected 4 banking trojans in 11 apps on Google Play Store
Cybersecurity firm ThreatFnai discovered four different banking trojans that were distributed through the Google Play Store itself between August and November 2021. These trojans are distributed through malicious applications that impersonate harmless applications and utilities.
The four trojans in question are Anatsa (aka TeaBot), Alien, ERMAC and Hydra. They are fine-tuned to evade nearly all detection and interception campaigns of the protection system. In just about 3 months, these 4 trojans have spread to over 300,000 devices.
Here is a list of apps that contain banking trojans:
- Two Factor Authenticator (com.flowdivison)
- Protection Guard (com.protectionguard.app)
- QR CreatorScanner (com.ready.qrscanner.mix)
- Master Scanner Live (com.multifuction.combine.qr)
- QR Scanner 2021 (com.qr.code.generate)
- QR Scanner (com.qr.barqr.scangen)
- PDF Document (com.xaviermuches.docscannerpro2)
- Scanner - Scan to PDF
- PDF Document Scanner (com.docscanverifier.mobile)
- PDF Document Scanner Free (com.doscanner.mobile)
- CryptoTracker (cryptolistapp.app.com.cryptotracker)
- Gym and Fitness Trainer (com.gym.trainer.jeux)
Earlier this month, Google introduced limits to restrict the use of accessibility permissions to allow malicious apps to collect sensitive data from Android devices. However, the malware developers have tweaked their tactics to be able to attack even when forced to install according to the traditions, through the official app stores.
One of the most sophisticated tactics is called versioning. Initially, a clean version with standard functionality of the application will be uploaded to the app store. Then, the malicious code will be introduced gradually through updates.
If you find these applications on your phone, you should remove them immediately to avoid future damage.
You should read it
- Stolen bank account with Trojan Banking
- New bank trojan detection on Android Red Alert
- LokiBot - bank trojan on Android turns into ransomware when you try to delete it
- Destroy ZeuS, the 'lord' of banking trojans
- Trojan banks surpass the malware defense of Google Play
- Use SEO to bring Google search results to bank trojans
- New banking malware discovered that can remotely control Android devices
- Trojan root Android device bypasses Google's security mode on Play Store
- BankBot is back on Play Store - an uninterrupted story about malware on Android
- Hackers are taking advantage of the Store to distribute malware
- The new Trojan silently steals $ 1 billion from bank accounts
- Discovering many applications containing malware on Google Play Store, Android users should worry gradually
May be interested
NVIDIA GeForce RTX 3050 will be more powerful than GTX 1660 SUPER, expected to launch in 2022
The 'legendary' Clippy assistant suddenly appeared on Windows 11, but in the form of a funny emoji
New vulnerability on MediaTek chip makes 30% of Android smartphones can be eavesdropped
Apple sues the maker of Pegasus spyware that specializes in stealing data on iPhones
Microsoft updates many more enterprise security features for Authenticator
23 malicious apps that steal Facebook and Instagram accounts and blackmail users, need to be removed immediately