Detected 4 banking trojans in 11 apps on Google Play Store
Cybersecurity firm ThreatFnai discovered four different banking trojans that were distributed through the Google Play Store itself between August and November 2021. These trojans are distributed through malicious applications that impersonate harmless applications and utilities.
The four trojans in question are Anatsa (aka TeaBot), Alien, ERMAC and Hydra. They are fine-tuned to evade nearly all detection and interception campaigns of the protection system. In just about 3 months, these 4 trojans have spread to over 300,000 devices.
Here is a list of apps that contain banking trojans:
- Two Factor Authenticator (com.flowdivison)
- Protection Guard (com.protectionguard.app)
- QR CreatorScanner (com.ready.qrscanner.mix)
- Master Scanner Live (com.multifuction.combine.qr)
- QR Scanner 2021 (com.qr.code.generate)
- QR Scanner (com.qr.barqr.scangen)
- PDF Document (com.xaviermuches.docscannerpro2)
- Scanner - Scan to PDF
- PDF Document Scanner (com.docscanverifier.mobile)
- PDF Document Scanner Free (com.doscanner.mobile)
- CryptoTracker (cryptolistapp.app.com.cryptotracker)
- Gym and Fitness Trainer (com.gym.trainer.jeux)
Earlier this month, Google introduced limits to restrict the use of accessibility permissions to allow malicious apps to collect sensitive data from Android devices. However, the malware developers have tweaked their tactics to be able to attack even when forced to install according to the traditions, through the official app stores.
One of the most sophisticated tactics is called versioning. Initially, a clean version with standard functionality of the application will be uploaded to the app store. Then, the malicious code will be introduced gradually through updates.
If you find these applications on your phone, you should remove them immediately to avoid future damage.
You should read it
- Stolen bank account with Trojan Banking
- New bank trojan detection on Android Red Alert
- LokiBot - bank trojan on Android turns into ransomware when you try to delete it
- Destroy ZeuS, the 'lord' of banking trojans
- Trojan banks surpass the malware defense of Google Play
- Use SEO to bring Google search results to bank trojans
- New banking malware discovered that can remotely control Android devices
- Trojan root Android device bypasses Google's security mode on Play Store
- BankBot is back on Play Store - an uninterrupted story about malware on Android
- Hackers are taking advantage of the Store to distribute malware
- The new Trojan silently steals $ 1 billion from bank accounts
- Discovering many applications containing malware on Google Play Store, Android users should worry gradually
Maybe you are interested
How to record computer screen video with sound
How to install new version of DirectX on computer
Cybercriminals are using Microsoft Teams calls to commit fraud
Common mistakes when buying shoes that harm your feet
Google splits with Qualcomm, opts for MediaTek's 5G modem for Pixel 10 series
Fix computer error not finding Wifi network successfully