scorecardresearch
Follow Us:
Tuesday, January 18, 2022

These Android apps are stealing banking credentials of users: Report

Researchers say that these apps are part of four malware families — Anatsa, Alien, Hydra, Ermac— which are designed to steal users' online banking passwords as well as two-factor authentication codes.

By: Tech Desk | Pune |
Updated: December 2, 2021 8:59:22 am
The apps belonged to four different Android malware versions, (Express Image)

A total of 12 malicious Android apps in the Google Play Store are stealing people’s bank account details, and these apps were downloaded 300,000 times, according to researchers at ThreatFabric. In a blog post, the cybersecurity experts pointed out that such applications only introduce the malware content through third-party sources after being downloaded from the Google Play store.

The malicious Android apps on the Google Play store spotted by the researchers included QR Scanner, QR Scanner 2021, PDF Document Scanner Free, PDF Document Scanner, Two Factor Authenticator, Protection Guard, QR CreatorScanner, Master Scanner Live, CryptoTracker, and Gym and Fitness Trainer.

Researchers say that these apps are part of four malware families — Anatsa, Alien, Hydra, Ermac— which are designed to steal users’ online banking passwords as well as two-factor authentication codes. The malware even captures what you type and takes screenshots of users’ phones.

Anatsa malware family, as per the report, was downloaded over 100,000 times. It should be noted that such apps have positive reviews in the Google Play Store which would make them look more legitimate.

While Google has tried to tackle the problem by introducing several restrictions to seize the distribution of fraudulent apps. But, what makes these apps difficult to detect is that they have a very small malicious footprint, which goes undetected by Google Play Store.

“These applications entice users by offering additional content through such third-party updates. In some cases, the malware operators are said to have manually triggered malicious updates after tracking the geographical location of the infected devices,” the researchers added.

Earlier, in 2020, Joker trojan found its way to the Google Play store, affecting users by subscribing them to paid subscriptions without their consent.

However, there are steps you can take to avoid unintentionally installing malware on your device. The most significant in this case is to download effective antivirus software, which can scan every new app that’s downloaded and monitor it for any suspicious activity.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard
Advertisement
Advertisement
Advertisement
Advertisement