Saturday, November 9, 2024
HomeAndroidGoogle Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and...

Google Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and Utility Apps

Published on

Malware protection

Google Play continues to be the source for malicious applications, researchers found several Android banking malware, adware, and other threats. These applications are designed to spy on users and to show unwanted ads.

The apps are disguised as legitimate applications such as crypto exchange, family locator, game applications, photo editors, memory boosters, security and camera apps.

Malicious Applications On Google Play

Researchers spotted a new banking trojan dubbed Android.Banker.352.origin distributed through a fake version of the official YoBit crypto application.

- Advertisement - SIEM as a Service

Once the application launched it open’s up a fake authentication window and asks customers to enter login credentials, if the login credentials are entered then the app sends the login credentials to the attacker server and shows the message claiming service unavailable.

The trojan also capable of hooking auth codes from text messages, block notification in the infected device.

Another malware dubbed Android.Banker.347.origin spotted on Google play which is a modified version of Android.BankBot.495.origin & Android.Banker.346.origin, this malware distributed under the guise of ‘Encontre mais’ apps that used to locate family and friends.

The malware specifically targets Brazilian customers associated with financial organizations. It steals sensitive data from the Android device and capable of pushing phishing pages based on the command from the attacker.

Another malware such as Android.DownLoader.920.origin and Android.DownLoader.921.origin distributed as a game application capable of installing other torjanized apps.

“In September, several modifications of the Android. Joker trojan family were found on Google Play. These malicious applications were embedded in seemingly harmless software, such as plug-ins for cameras, photo editors, image collections, various system utilities, and other software,” reads Dr. Web report.

The modified version of Android.Joker, Android.Click.781 and Android.Click.325.origin use to subscribe for premium services without user consent and transfer the contact data from the victim’s contact list to the attacker’s server.

“Doctor Web experts discovered several new versions of riskware, designed to spy on Android device users. The list included Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor.”

These spyware apps are capable of stealing various sensitive information such as text messages, phone calls, instant messaging, tracking the location of devices, and send the data to the attacker’s server.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...