January 17, 2022
Malicious Android Apps Infected over 300,000 Devices with Costly Banking Trojans

Another Malware Campaign Hid Dangerous Banking Trojans in Legitimate-Looking Apps, Infecting over 300,000 Devices

Mobile apps ostensibly offering mundane functions actually deployed banking Trojans onto over 300,000 victims’ devices to steal money…

Security researchers have discovered another batch of malicious apps disguised as legitimate software and carrying malware that steals victims’ banking credentials. Security experts at ThreatFabric estimate that over 300,000 devices have been infected so far with the credential-stealing code, which threat actors submitted to the Google Play Store by subverting its safety protocols.

The malicious apps contained code belonging to four different banking Trojan families: Anatsa, Alien, Hydra, and Ermac. Anatsa was the most widespread, but all four perform essentially the same fraudulent functions. The hackers behind the campaign initially submitted apps containing no malicious code to the Google Play Store, so they easily passed muster. Once the apps were installed, victims were prompted to update them, which triggered a sideloading process that did not go through Google’s Play Protect filters.

This update was delivered through off-site processes and was therefore not subject to Google’s scrutiny. The updates included the banking Trojans, which then went to work stealing victims’ financial login credentials. Fortunately, the apps have been removed from the digital store since security researchers reported them to Google.
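For defenders triaging a device after this kind of off-store "update", the added example below (not from ThreatFabric or the original article) parses the output of `adb shell pm list packages -3 -i` and flags apps whose installer of record is not the Play Store, plus any user-installed app recorded as the installer of another app. The package names and sample listing are constructed, and the dropper check assumes the platform records the requesting app as the installer.

```python
import re

PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# Constructed sample of `adb shell pm list packages -3 -i` output
# (-3: third-party apps only, -i: show installer). Package names are made up.
SAMPLE = """\
package:com.example.qrscanner  installer=com.android.vending
package:com.example.pdfreader  installer=com.android.vending
package:com.example.update.payload  installer=com.example.qrscanner
package:com.example.sideloaded  installer=null
"""

LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_listing(listing):
    """Map each package to its installer of record (None when unrecorded)."""
    packages = {}
    for raw in listing.splitlines():
        match = LINE.match(raw.strip())
        if match:
            pkg, installer = match.groups()
            packages[pkg] = None if installer == "null" else installer
    return packages


def triage(listing, trusted=frozenset({PLAY_STORE})):
    """Return (off_store, dropper_candidates).

    off_store: packages whose installer of record is not a trusted store.
    dropper_candidates: user-installed apps recorded as the installer of
    another app. Assumption: the platform records the requesting app as the
    installer, so this is a triage heuristic, not proof of compromise.
    """
    packages = parse_listing(listing)
    off_store = {p: i for p, i in packages.items() if i not in trusted}
    droppers = sorted({i for i in off_store.values() if i in packages})
    return off_store, droppers


if __name__ == "__main__":
    off_store, droppers = triage(SAMPLE)
    for pkg, installer in off_store.items():
        print(f"off-store install: {pkg} (installer: {installer})")
    for pkg in droppers:
        print(f"installed another app, review first: {pkg}")
```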

Ashley Lipman

Ashley Lipman is a super-connector with Outreachmama who helps businesses find their audience online through outreach, partnerships, and networking.
