Sunday, May 18, 2025
HomeAndroidGoogle Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and...

Google Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and Utility Apps

Published on

SIEM as a Service

Follow Us on Google News

Google Play continues to be the source for malicious applications, researchers found several Android banking malware, adware, and other threats. These applications are designed to spy on users and to show unwanted ads.

The apps are disguised as legitimate applications such as crypto exchange, family locator, game applications, photo editors, memory boosters, security and camera apps.

Malicious Applications On Google Play

Researchers spotted a new banking trojan dubbed Android.Banker.352.origin distributed through a fake version of the official YoBit crypto application.

- Advertisement - Google News

Once the application launched it open’s up a fake authentication window and asks customers to enter login credentials, if the login credentials are entered then the app sends the login credentials to the attacker server and shows the message claiming service unavailable.

The trojan also capable of hooking auth codes from text messages, block notification in the infected device.

Another malware dubbed Android.Banker.347.origin spotted on Google play which is a modified version of Android.BankBot.495.origin & Android.Banker.346.origin, this malware distributed under the guise of ‘Encontre mais’ apps that used to locate family and friends.

The malware specifically targets Brazilian customers associated with financial organizations. It steals sensitive data from the Android device and capable of pushing phishing pages based on the command from the attacker.

Another malware such as Android.DownLoader.920.origin and Android.DownLoader.921.origin distributed as a game application capable of installing other torjanized apps.

“In September, several modifications of the Android. Joker trojan family were found on Google Play. These malicious applications were embedded in seemingly harmless software, such as plug-ins for cameras, photo editors, image collections, various system utilities, and other software,” reads Dr. Web report.

The modified version of Android.Joker, Android.Click.781 and Android.Click.325.origin use to subscribe for premium services without user consent and transfer the contact data from the victim’s contact list to the attacker’s server.

“Doctor Web experts discovered several new versions of riskware, designed to spy on Android device users. The list included Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor.”

These spyware apps are capable of stealing various sensitive information such as text messages, phone calls, instant messaging, tracking the location of devices, and send the data to the attacker’s server.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...