Several apps from Google Play with a combined download count of more than 300,000 have been exposed as malicious software used for online banking fraud.
Last month, researchers from security firm ThreatFabric published a blog post detailing how twelve dropper apps (essentially Trojan horses that hide other malicious apps) were able to get past Google Play's security checks and app approval process.
In essence, the scammers behind these apps ran a distribution campaign that kept the apps' requested permissions to a minimum, reducing their malicious footprint at review time. Over time, small incremental updates were pushed to the apps while still avoiding detection. Finally, the scammers would manually activate the dropper apps and infect the device with malware for bank fraud.
The dropper apps belong to the malware families Anatsa, Alien, Ermac, and Hydra. They pose as legitimate apps, such as two-step authenticators, QR scanners, PDF document scanners, fitness trainers, and cryptocurrency trackers. But once activated, they can steal targeted victims' usernames and passwords for banking websites, along with keystroke logs and screenshots.
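The evasion pattern described above (a small permission footprint at submission, widened through incremental updates) is something a defender can look for in an app's release history. The following is an added example, not code from ThreatFabric or the article: it takes a constructed list of releases with the permissions and service bindings each manifest declares and flags any update that newly introduces a sensitive capability. The `SENSITIVE` set and the sample history are assumptions made for the example; the permission names are real Android identifiers, but the page does not say which ones the droppers used.

```python
"""Permission-drift check across an app's update history (added example).

Each record is a version string plus the permissions or service-binding
capabilities its manifest declares. Droppers that start small and grow their
footprint through incremental updates show up as versions that newly request
something sensitive that no earlier release asked for.
"""
from dataclasses import dataclass

# Capabilities commonly tied to dropper or overlay behaviour. This set is an
# assumption for the example, not a list taken from the article.
SENSITIVE = {
    "android.permission.REQUEST_INSTALL_PACKAGES",     # sideload a payload APK
    "android.permission.BIND_ACCESSIBILITY_SERVICE",   # read screen / inject input
    "android.permission.SYSTEM_ALERT_WINDOW",          # overlay on top of banking apps
    "android.permission.RECEIVE_SMS",                  # intercept SMS one-time codes
    "android.permission.READ_SMS",
    "android.permission.BIND_DEVICE_ADMIN",
}


@dataclass(frozen=True)
class Release:
    version: str
    permissions: frozenset


def permission_drift(history):
    """Return [(version, [newly added sensitive capabilities]), ...] for every
    update that introduces at least one SENSITIVE entry absent from all earlier
    releases. The first release is the baseline and is never flagged; a
    capability is reported only the first time it appears."""
    seen = set()
    findings = []
    for index, release in enumerate(history):
        added = (release.permissions & SENSITIVE) - seen
        if index > 0 and added:
            findings.append((release.version, sorted(added)))
        seen |= release.permissions
    return findings


# Constructed sample history mimicking the pattern in the article: a
# benign-looking QR scanner whose later updates quietly widen its footprint.
BASE = frozenset({"android.permission.CAMERA", "android.permission.INTERNET"})
SAMPLE_HISTORY = [
    Release("1.0", BASE),
    Release("1.1", BASE),
    Release("1.2", BASE | {"android.permission.REQUEST_INSTALL_PACKAGES"}),
    Release("1.3", BASE | {"android.permission.REQUEST_INSTALL_PACKAGES",
                           "android.permission.SYSTEM_ALERT_WINDOW",
                           "android.permission.BIND_ACCESSIBILITY_SERVICE"}),
]


if __name__ == "__main__":
    for version, caps in permission_drift(SAMPLE_HISTORY):
        print(f"update {version} newly requests: {', '.join(caps)}")
```

Run against a real update history (for example, manifests extracted from each APK version with `aapt dump permissions`), the same check highlights exactly the slow-growth behaviour the researchers describe, which a single-snapshot review of the latest version would miss.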