Monday, February 17, 2025
HomeAndroidGoogle Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and...

Google Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and Utility Apps

Published on

SIEM as a Service

Follow Us on Google News

Google Play continues to be the source for malicious applications, researchers found several Android banking malware, adware, and other threats. These applications are designed to spy on users and to show unwanted ads.

The apps are disguised as legitimate applications such as crypto exchange, family locator, game applications, photo editors, memory boosters, security and camera apps.

Malicious Applications On Google Play

Researchers spotted a new banking trojan dubbed Android.Banker.352.origin distributed through a fake version of the official YoBit crypto application.

Once the application launched it open’s up a fake authentication window and asks customers to enter login credentials, if the login credentials are entered then the app sends the login credentials to the attacker server and shows the message claiming service unavailable.

The trojan also capable of hooking auth codes from text messages, block notification in the infected device.

Another malware dubbed Android.Banker.347.origin spotted on Google play which is a modified version of Android.BankBot.495.origin & Android.Banker.346.origin, this malware distributed under the guise of ‘Encontre mais’ apps that used to locate family and friends.

The malware specifically targets Brazilian customers associated with financial organizations. It steals sensitive data from the Android device and capable of pushing phishing pages based on the command from the attacker.

Another malware such as Android.DownLoader.920.origin and Android.DownLoader.921.origin distributed as a game application capable of installing other torjanized apps.

“In September, several modifications of the Android. Joker trojan family were found on Google Play. These malicious applications were embedded in seemingly harmless software, such as plug-ins for cameras, photo editors, image collections, various system utilities, and other software,” reads Dr. Web report.

The modified version of Android.Joker, Android.Click.781 and Android.Click.325.origin use to subscribe for premium services without user consent and transfer the contact data from the victim’s contact list to the attacker’s server.

“Doctor Web experts discovered several new versions of riskware, designed to spy on Android device users. The list included Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor.”

These spyware apps are capable of stealing various sensitive information such as text messages, phone calls, instant messaging, tracking the location of devices, and send the data to the attacker’s server.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...