Trojan banks surpass the malware defense of Google Play

Researchers have discovered a banking malware on Android hidden on Google Play and use new tactics.

A game called Bubble Shooter Wild Life and the app called Earn Real Money Gift Cards on Google Play Store is actually used to put a bank malware named BankBot on the phone. 'Malware only really works when the Trojan is actually released on the victim's device and therefore, beyond Google's malware scanner called Bouncer,' Han Sahin, co-founder of Securify told the El Reg.

The separate studies from Zscaler gave results like what Securify found. Applications can abuse access on Android to download external programs that users do not know.

Trojan banks surpass the malware defense of Google Play Picture 1
Hidden malware on Google Play Store applications

'Poisoned applications hide themselves by hiding on Google Play and using techniques such as Time Delay or Code Obfuscation (turning variable names, objects . into meaningless characters). At this time, the app is still quite new on the Store and has less than 5,000 downloads. However, there is a concern about the rise of garbage applications, 'Zscaler warned.

El Reg asked Google to comment on this, specifically how the bad guys figured out how to get the malicious code to pass the security control but still didn't get a response. Recent security issues are ringing for Android users to be careful when downloading applications, even on Google Store