Google Play continues to be the source for malicious applications, researchers found several Android banking malware, adware, and other threats. These applications are designed to spy on users and to show unwanted ads.
The apps are disguised as legitimate applications such as crypto exchange, family locator, game applications, photo editors, memory boosters, security and camera apps.
Malicious Applications On Google Play
Researchers spotted a new banking trojan dubbed Android.Banker.352.origin distributed through a fake version of the official YoBit crypto application.
Once the application launched it open’s up a fake authentication window and asks customers to enter login credentials, if the login credentials are entered then the app sends the login credentials to the attacker server and shows the message claiming service unavailable.
The trojan also capable of hooking auth codes from text messages, block notification in the infected device.
Another malware dubbed Android.Banker.347.origin spotted on Google play which is a modified version of Android.BankBot.495.origin & Android.Banker.346.origin, this malware distributed under the guise of ‘Encontre mais’ apps that used to locate family and friends.
The malware specifically targets Brazilian customers associated with financial organizations. It steals sensitive data from the Android device and capable of pushing phishing pages based on the command from the attacker.
Another malware such as Android.DownLoader.920.origin and Android.DownLoader.921.origin distributed as a game application capable of installing other torjanized apps.
“In September, several modifications of the Android. Joker trojan family were found on Google Play. These malicious applications were embedded in seemingly harmless software, such as plug-ins for cameras, photo editors, image collections, various system utilities, and other software,” reads Dr. Web report.
The modified version of Android.Joker, Android.Click.781 and Android.Click.325.origin use to subscribe for premium services without user consent and transfer the contact data from the victim’s contact list to the attacker’s server.
“Doctor Web experts discovered several new versions of riskware, designed to spy on Android device users. The list included Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor.”
These spyware apps are capable of stealing various sensitive information such as text messages, phone calls, instant messaging, tracking the location of devices, and send the data to the attacker’s server.