Tuesday, October 15, 2024
HomeCyber Security NewsAndroid Trojan On the Google Play Store With Over 500,000 Installs Steals...

Android Trojan On the Google Play Store With Over 500,000 Installs Steals from Notifications

Published on

Malware protection

On the Google Play Store, the cybersecurity analysts at Dr.Web have recently witnessed a major tip in trojan infiltration. Not only that even they have also detected one application that has more than 500,000 installs and steals users’ data from the notifications.

The threat actors use these malicious applications that belong to a family of trojan malware to perform several malicious tasks like:-

  • Scams
  • Data theft
  • Financial losses
  • Loss of sensitive personal information

Trojans Tracked

Here below we have mentioned all the trojans tracked by the cybersecurity experts at Dr.Web:-

- Advertisement - SIEM as a Service
  • Android.Spy.4498
  • Android.HiddenAds.3018
  • Android.HiddenAds.624.origin
  • Android.MobiDash.6922
  • Android.MobiDash.6929
  • Program.FakeAntiVirus.1
  • Program.SecretVideoRecorder.1.origin
  • Program.KeyStroke.3
  • Program.WapSniff.1.origin
  • Program.FreeAndroidSpy.1.origin
  • Tool.SilentInstaller.14.origin
  • Tool.SilentInstaller.6.origin
  • Tool.SilentInstaller.13.origin
  • Tool.SilentInstaller.7.origin
  • Tool.Loic.1.origin
  • Adware.AdPush.36.origin
  • Adware.SspSdk.1.origin
  • Adware.Myteam.2.origin
  • Adware.Adpush.16510
  • Adware.Adpush.6547

Fake WhatsApp mods

Among the detected Trojan malware, Android.Spy.4498 trojan is the one that is traced with high activity on the Google Play Store. The Android.Spy.4498 trojan is the unofficial modifications (mods) of WhatsApp messenger such as:-

  • GBWhatsApp
  • OBWhatsApp
  • WhatsApp Plus

The threat actors are spreading these fake malicious WhatsApp mods through several mediums like:-

  • Social media posts
  • Forums
  • SEO poisoning

Moreover, it has been also detected that all these above-mentioned malicious mods offer multiple utility features, and here they are:-

  • Arabic language support
  • Home screen widgets
  • Separate bottom bar
  • Hide status options
  • Call blocking
  • Auto-save received media

Other trojans on the Play Store

Along with this trojan, multiple numbers of trojan malware were detected on the Play Store by the experts of Dr.Web security firm. On the Google Play Store, the attackers are spreading threats under the hood of multiple genuine-looking applications.

Types of applications scattered by the threat actors on Google Play Store:-

  • Cryptocurrency management apps
  • Social benefit aid tools
  • Gazprom investment clones
  • Photo editors
  • A launcher themed after iOS 15

For diverting the stolen money from the victim’s account to the scammer’s bank account, the attacker tricks the user to deposit money for trading in the fake investment apps.

While in the case of other applications, the attackers trick the users into signing up for the costly subscriptions to steal their money.

Here the threat actors abuse the Flurry stat service to seize the notifications from the Google Play Store and the Samsung Galaxy Store apps.

Recommendations

For mitigations, the cybersecurity researchers have recommended:-

  • Avoid downloading APK’s from unknown sources.
  • Always check user reviews before downloading any applications.
  • Be cautious about the permission requested by the apps during the installation.
  • Always monitor the battery and internet data consumption.
  • Make sure to enable the Google Play Protect. 
  • Always use a robust mobile security tool.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

pac4j Java Framework Vulnerable to RCE Attacks

A critical security vulnerability has been discovered in the popular Java framework pac4j. The...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...