Researchers uncovered apps in the Google Play store that appeared to be safe but were actually malware that stole banking details. These fraudulent apps have since been removed, according to Google.
According to an Ars Technica report, the 12 apps, which masqueraded as QR scanners, PDF scanners, and Bitcoin wallets, were downloaded over 300,000 times.
After further study, mobile security researchers at ThreatFabric discovered that the malware captured people’s banking passwords and two-factor authentication codes. It also logged keystrokes and took screenshots of people’s devices, the researchers later said.
The apps got past Google’s restrictions by first presenting users with seemingly legitimate software that tested negative for malware. When users first downloaded the apps, they worked just as claimed.
However, after the apps were installed, they requested updates from third-party sources, which many users accepted since they had grown to trust the apps. That is when the malicious payload was installed: a Trojan horse, a type of malware known for its seemingly innocent appearance.
Anatsa is the malware family responsible for the majority of these malicious apps. It is a sophisticated Android banking Trojan that uses a variety of methods to defraud the user, including remote access and automatic transfer systems, which automatically empty the victim’s accounts and transfer the funds to the attacker’s accounts.