Cybersecurity researchers have discovered at least four Android banking trojans that were distributed through apps on the Google Play Store. Android malware is nothing new but the ease with which these apps were able to sneak into the Google Play Store is certainly a cause for concern. While the relative openness of Android contributes to the growing number of malware on the platform, the inability of Google to weed them out remains a problem even after all these years.

Cyber-crime during the pandemic has been making news for all the wrong reasons. While malware has existed longer than the internet has, the past couple of years have seen a significant uptick in the number of hackings, ransomware attacks, organized phishing operations, and so on. Scammers are also reportedly carrying out crypto frauds via popular dating apps and resorting to SIM-swapping scams to swindle people out of their hard-earned money.


According to security researchers at ThreatFabric, multiple seemingly benign Android apps were hiding banking trojans. These malware droppers were downloaded over 300,000 times from the Google Play Store, enabling the trojans to intercept user passwords, two-factor authentication codes, keystrokes, and more. They even took surreptitious screenshots on infected devices, the researchers say. The droppers were designed as fitness apps, QR scanners, crypto wallets, and PDF readers, and were distributing trojans from at least four known families, including Anatsa, Alien, ERMAC, and Hydra. The errant apps include Gym and Fitness Trainer, QR Scanner 2021, QR Scanner, PDF Document Scanner - Scan to PDF, PDF Document Scanner, PDF Document Scanner Free, CryptoTracker, Two Factor Authenticator, Protection Guard, QR CreatorScanner, and Master Scanner Live. All the apps the researchers identified as malicious have been removed from the Google Play Store, so any users who still have them on their devices should uninstall them immediately so that they don't fall victim to an elaborate malware attack.

Malware Evaded Detection By VirusTotal


The malware droppers were distributed on the Google Play Store between August and November 2021 but went undetected in the initial phase. The researchers say the malware evaded detection by the anti-malware engines on VirusTotal by first delivering a benign app that then required users to download "updates" from third-party sources. This allowed the malware operators to introduce the trojans later without tripping the malware-detection engines. Per the researchers, what made it really difficult for traditional anti-malware software is that the "dropper apps all have a very small malicious footprint" thanks to the permission restrictions enforced by Google.

In many cases, the apps also avoided detection because the threat operators only installed the malicious payload depending on the user's location, which means the same app could be malicious to users in a particular region and completely benign elsewhere. The trojan responsible for the most infections is Anatsa, which the researchers describe as a "rather advanced Android banking trojan" with a wide range of capabilities, including remote access and an automatic transfer capability that can withdraw funds from victims' accounts and deposit them in accounts belonging to the Android malware operators.
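The two-stage pattern described above, a store-delivered app that itself installs a payload fetched from outside the store, leaves a trace in the device's install-source records. The check below is an added example, not code from the article or from ThreatFabric: it parses an inventory in the format of `adb shell pm list packages -i` and flags Play-installed packages that appear as the installer of another package. All package names in the sample are constructed placeholders, and the assumption that the payload's recorded installer is the dropper holds only when the dropper used the package installer API rather than handing the APK to the system installer UI.

```python
"""Added example: spot Play-installed apps that installed other packages.

Input format mirrors `adb shell pm list packages -i`:
    package:<name>  installer=<installer package or null>
Package names below are constructed placeholders, not real indicators.
"""
import re
from typing import Dict, List, Tuple

PLAY_STORE = "com.android.vending"
# Installers that are not themselves a suspect app (assumed set).
TRUSTED_INSTALLERS = {
    PLAY_STORE,
    "com.google.android.packageinstaller",
    "com.android.packageinstaller",
}
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

# Constructed sample inventory (placeholder names).
SAMPLE_INVENTORY = """\
package:com.example.fitness.trainer  installer=com.android.vending
package:com.example.bank.update  installer=com.example.fitness.trainer
package:com.example.notes  installer=com.android.vending
package:com.example.sideloaded.tool  installer=null
"""


def parse_inventory(text: str) -> Dict[str, str]:
    """Map package name -> recorded installer ('null' when unknown)."""
    inventory: Dict[str, str] = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            inventory[match.group(1)] = match.group(2)
    return inventory


def find_dropper_chains(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (dropper, payload) pairs: a Play-installed package recorded as
    the installer of another package, i.e. the store app acted as a dropper."""
    chains = []
    for pkg, installer in inventory.items():
        if installer == "null" or installer in TRUSTED_INSTALLERS:
            continue  # installed by the store or by the user, not by an app
        if inventory.get(installer) == PLAY_STORE:
            chains.append((installer, pkg))
    return sorted(chains)


def find_sideloaded(inventory: Dict[str, str]) -> List[str]:
    """Packages with no recorded installer: candidates for manual review."""
    return sorted(pkg for pkg, inst in inventory.items() if inst == "null")
```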


Source: ThreatFabric