Wednesday, May 29, 2024

Android Trojan On the Google Play Store With Over 500,000 Installs Steals from Notifications

On the Google Play Store, the cybersecurity analysts at Dr.Web have recently witnessed a major tip in trojan infiltration. Not only that even they have also detected one application that has more than 500,000 installs and steals users’ data from the notifications.

The threat actors use these malicious applications that belong to a family of trojan malware to perform several malicious tasks like:-

  • Scams
  • Data theft
  • Financial losses
  • Loss of sensitive personal information

Trojans Tracked

Here below we have mentioned all the trojans tracked by the cybersecurity experts at Dr.Web:-

  • Android.Spy.4498
  • Android.HiddenAds.3018
  • Android.HiddenAds.624.origin
  • Android.MobiDash.6922
  • Android.MobiDash.6929
  • Program.FakeAntiVirus.1
  • Program.SecretVideoRecorder.1.origin
  • Program.KeyStroke.3
  • Program.WapSniff.1.origin
  • Program.FreeAndroidSpy.1.origin
  • Tool.SilentInstaller.14.origin
  • Tool.SilentInstaller.6.origin
  • Tool.SilentInstaller.13.origin
  • Tool.SilentInstaller.7.origin
  • Tool.Loic.1.origin
  • Adware.AdPush.36.origin
  • Adware.SspSdk.1.origin
  • Adware.Myteam.2.origin
  • Adware.Adpush.16510
  • Adware.Adpush.6547

Fake WhatsApp mods

Among the detected Trojan malware, Android.Spy.4498 trojan is the one that is traced with high activity on the Google Play Store. The Android.Spy.4498 trojan is the unofficial modifications (mods) of WhatsApp messenger such as:-

  • GBWhatsApp
  • OBWhatsApp
  • WhatsApp Plus

The threat actors are spreading these fake malicious WhatsApp mods through several mediums like:-

  • Social media posts
  • Forums
  • SEO poisoning

Moreover, it has been also detected that all these above-mentioned malicious mods offer multiple utility features, and here they are:-

  • Arabic language support
  • Home screen widgets
  • Separate bottom bar
  • Hide status options
  • Call blocking
  • Auto-save received media

Other trojans on the Play Store

Along with this trojan, multiple numbers of trojan malware were detected on the Play Store by the experts of Dr.Web security firm. On the Google Play Store, the attackers are spreading threats under the hood of multiple genuine-looking applications.

Types of applications scattered by the threat actors on Google Play Store:-

  • Cryptocurrency management apps
  • Social benefit aid tools
  • Gazprom investment clones
  • Photo editors
  • A launcher themed after iOS 15

For diverting the stolen money from the victim’s account to the scammer’s bank account, the attacker tricks the user to deposit money for trading in the fake investment apps.

While in the case of other applications, the attackers trick the users into signing up for the costly subscriptions to steal their money.

Here the threat actors abuse the Flurry stat service to seize the notifications from the Google Play Store and the Samsung Galaxy Store apps.


For mitigations, the cybersecurity researchers have recommended:-

  • Avoid downloading APK’s from unknown sources.
  • Always check user reviews before downloading any applications.
  • Be cautious about the permission requested by the apps during the installation.
  • Always monitor the battery and internet data consumption.
  • Make sure to enable the Google Play Protect. 
  • Always use a robust mobile security tool.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles