Play Store: 300,000 Android smartphones have installed apps infected with malware

The Play Store has been invaded by 4 malware families. According to ThreatFabric researchers, 300,000 Android smartphones have installed a infected application in the past 4 months. This malware is designed to steal all of the victims’ passwords, IDs, and bank details.

In its November 2021 report, ThreatFabric, a Dutch IT security company, warns Android smartphone users who install apps through the Play Store. “In the space of just 4 months, 4 major families of Android malware have been deployed through the Google Play Store, resulting in over 300,000 infections via multiple applications”, ThreatFabric announcement.

To deceive the vigilance of Internet users, hackers have hidden viruses in seemingly harmless applications. ThreatFabric experts have spotted document scanners, QR Code readers, fitness monitors, and more. applications dedicated to cryptocurrency. To bypass Google’s security measures, hackers remotely install malware once the application has been installed on users’ smartphones. The app pretends to update it to push users to install the virus. Play Protect is then ineffective.

Malware seeks to drain Android users’ bank accounts

The first category of malware spotted by researchers is called Anasta. This sophisticated banking trojan has succeeded in infiltrate 200,000 Android phones in just four months. Using an application to scan a QR Code, the malware stole the bank details of 50,000 users.

Researchers have also spotted the presence of a family of viruses called Alien. Active for over a year, the malware essentially functions like Anasta. He aims user bank accounts. Once recovered, the victims’ bank details are sold to cybercriminals on the dark web or used to deploy attacks.

Finally, ThreatFabric spotted Hydra and Ermac, two malware that target both banking apps and users of a cryptocurrency exchange, among which Binance, Coinbase or Bitstamp. Among the targets, we also find PayPal, ING or Crédit du Nord.

Also Read: Mysterious malware called Tardigrade is currently spying on companies

“The Google Play Store is the most attractive platform for malware”, warns Dario Durando, malware specialist at ThreatFabric. All infected apps have been promptly deleted by Google, reassures the expert. To avoid falling into the net of malware, Dario Durando recommends “To always check for updates, to always be very careful before granting accessibility services privileges” and “beware of applications that require you to install additional software”.

Source: ZDNet