90 malicious apps bypass Play Store security and collect 5.5 million downloads

Despite Google's best efforts, malicious Android apps often bypass security measures and end up in the Play Store. Users then download these apps thinking they are safe, only to fall victim to malware campaigns again. Security researchers at Zscaler ThreatLabz recently discovered more than 90 such Android apps with combined downloads of more than 5.5 million on the Play Store.

More than 90 malicious Android apps discovered in the Play Store

In a blog post, the research agency highlights a recent increase in activity from the Anatsa banking trojan. The Trojan, also known as Teabot, targets apps from more than 650 financial institutions worldwide in an attempt to steal people's banking information to conduct fraudulent transactions. It reached over 150,000 infections via the Play Store within a few months between late 2023 and February 2024 using various decoy apps.

According to Zscaler ThreatLabz, the latest Anatsa malware campaign used apps called “PDF Reader & File Manager” and “QR Reader & File Manager” as decoy apps. The two apps, which have since been removed from the Play Store, had amassed 70,000 installs when the company discovered they were spreading malware. The threat actors behind the campaign deployed a multi-step mechanism to avoid detection.

Once the malicious app is installed on an Android device, it retrieves the configuration and essential strings from the C2 server. The app then downloads the DEX file containing the malicious dropper code and activates it on the device. This is followed by a configuration file containing the Anatsa payload URL. Finally, the DEX file downloads the APK for the malware payload and installs it to complete the infection.
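For defenders, the staged chain described above can be looked for in device or sandbox telemetry as an ordered sequence of events from a single app. The following Python example is added here and is not code from Zscaler ThreatLabz or the original article; the event names, package names and the 600-second window are assumptions constructed for illustration, not a real telemetry schema.

```python
from collections import defaultdict

# Stages of the chain described above, in the order they occur.
# Event names are hypothetical labels, not a real telemetry schema.
CHAIN = ("config_fetch", "dex_download", "dex_load",
         "apk_download", "install_request")

# Constructed sample telemetry: (seconds, package, event).
SAMPLE_EVENTS = [
    (5, "com.example.pdfreader", "config_fetch"),
    (9, "com.example.pdfreader", "dex_download"),
    (10, "com.example.pdfreader", "dex_load"),
    (14, "com.example.pdfreader", "config_fetch"),   # payload-URL config
    (20, "com.example.pdfreader", "apk_download"),
    (24, "com.example.pdfreader", "install_request"),
    (3, "com.example.notes", "config_fetch"),        # stops after DEX load
    (8, "com.example.notes", "dex_download"),
    (9, "com.example.notes", "dex_load"),
    (2, "com.example.updater", "install_request"),   # no C2/DEX stages
    (6, "com.example.updater", "apk_download"),
]

def chain_progress(events, window=600):
    """Per package, how many CHAIN stages occur in order within `window` s."""
    by_pkg = defaultdict(list)
    for ts, pkg, kind in events:
        by_pkg[pkg].append((ts, kind))
    progress = {}
    for pkg, evs in by_pkg.items():
        evs.sort()
        best = 0
        for i, (start, kind) in enumerate(evs):
            if kind != CHAIN[0]:
                continue          # a chain can only start at a config fetch
            stage = 1
            for ts, k in evs[i + 1:]:
                if ts - start > window:
                    break         # too slow to count as one chain
                if stage < len(CHAIN) and k == CHAIN[stage]:
                    stage += 1
            best = max(best, stage)
        progress[pkg] = best
    return progress

def flag_droppers(events, window=600):
    """Packages that completed every stage of the chain."""
    done = chain_progress(events, window)
    return sorted(p for p, n in done.items() if n == len(CHAIN))
```

Partial progress (for example, a DEX load with no later install request) is returned as well, so an analyst can rank apps for review rather than only alert on a complete chain.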

The malware also has a mechanism to prevent its execution in sandboxes or emulation environments. All this makes it difficult for security systems to detect it. However, the Anatsa malware is not the only one that Zscaler ThreatLabz has discovered on the Play Store. The research agency found more than 90 apps spreading various other types of malware including Joker, Facestealer, Coper and Adware.

Avoid downloading third-party alternatives to stock apps

The researchers did not reveal the names of the other malicious apps in the Play Store. They said the apps mimicked various productivity tools, personalization tools, photography tools and health and fitness apps. The company has likely already reported the apps to Google, and Google may have removed them from the Play Store.

However, this is certainly not the end of the malware-laden apps in the official Android App Store. Threat actors often think one step further than security experts. They always find a way to bypass Google's security measures. You should be careful when downloading apps from lesser-known developers. Most Android devices come with a built-in file manager, PDF reader, camera app, and other productivity tools. Avoid downloading third-party alternatives.
