Monday, December 4, 2023

Google Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and Utility Apps

Google Play continues to be the source for malicious applications, researchers found several Android banking malware, adware, and other threats. These applications are designed to spy on users and to show unwanted ads.

The apps are disguised as legitimate applications such as crypto exchange, family locator, game applications, photo editors, memory boosters, security and camera apps.

Malicious Applications On Google Play

Researchers spotted a new banking trojan dubbed Android.Banker.352.origin distributed through a fake version of the official YoBit crypto application.

Once the application launched it open’s up a fake authentication window and asks customers to enter login credentials, if the login credentials are entered then the app sends the login credentials to the attacker server and shows the message claiming service unavailable.

The trojan also capable of hooking auth codes from text messages, block notification in the infected device.

Another malware dubbed Android.Banker.347.origin spotted on Google play which is a modified version of Android.BankBot.495.origin & Android.Banker.346.origin, this malware distributed under the guise of ‘Encontre mais’ apps that used to locate family and friends.

The malware specifically targets Brazilian customers associated with financial organizations. It steals sensitive data from the Android device and capable of pushing phishing pages based on the command from the attacker.

Another malware such as Android.DownLoader.920.origin and Android.DownLoader.921.origin distributed as a game application capable of installing other torjanized apps.

“In September, several modifications of the Android. Joker trojan family were found on Google Play. These malicious applications were embedded in seemingly harmless software, such as plug-ins for cameras, photo editors, image collections, various system utilities, and other software,” reads Dr. Web report.

The modified version of Android.Joker, Android.Click.781 and Android.Click.325.origin use to subscribe for premium services without user consent and transfer the contact data from the victim’s contact list to the attacker’s server.

“Doctor Web experts discovered several new versions of riskware, designed to spy on Android device users. The list included Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor.”

These spyware apps are capable of stealing various sensitive information such as text messages, phone calls, instant messaging, tracking the location of devices, and send the data to the attacker’s server.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles