Thursday, May 8, 2025

PlayPraetor Malware Targets Android Users via Fake Play Store Apps to Steal Passwords


A sophisticated malware campaign, dubbed PlayPraetor, has been uncovered by cybersecurity firm CTM360.

This operation involves creating fake Google Play Store websites that deceive users into downloading malicious Android applications.

These apps, though appearing legitimate, are actually advanced banking Trojans designed to steal sensitive user information, including banking credentials and clipboard data.


Operation Details

The PlayPraetor malware is part of a large-scale scam that spans more than 6,000 fraudulent web pages.

These fake Play Store sites are crafted to closely resemble the official platform, featuring familiar icons and layouts to build trust with potential victims.

Once a user clicks the “Download” button, they are prompted to install an APK file that is actually the PlayPraetor Trojan.

This malware can log keystrokes, capture screen content, and continuously monitor clipboard activity to steal sensitive data such as login credentials and cryptocurrency addresses.

These malicious links are distributed primarily through Meta Ads and SMS messages, which reach a wide audience.

Scammers exploit psychological triggers like free offers or urgent security warnings to pressure users into quick decisions without verifying the legitimacy of the apps.

Upon installation, the malware communicates with its command and control (C&C) server to retrieve a list of targeted banking and cryptocurrency wallet applications.

According to the researchers, it then checks for these apps on the compromised device and sends relevant information back to the server.

Monetization and Impact

The primary motive behind these attacks is financial gain.

Threat actors exploit stolen data by draining funds from compromised accounts, making unauthorized transactions, or selling the accounts on dark web marketplaces.

Additionally, the malware can intercept SMS messages, including one-time passwords used for multi-factor authentication, allowing attackers to bypass security measures.

The malware may also engage in ad fraud by silently running in the background to generate fake traffic or subscribe victims to premium services without their consent.

The scale and complexity of this operation indicate a highly coordinated effort to compromise users globally, particularly in South-East Asia.

Users are advised to be cautious when downloading apps, ensuring they are from the official Google Play Store and not from suspicious links or websites.

Regularly updating security software and being vigilant about app permissions can also help mitigate the risk of such malware infections.
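The advice above (install only from Google Play, watch app permissions) can be checked on a device over `adb`. The following triage script is an added example, not code from CTM360 or the original article: it lists third-party packages that were not installed by the Play Store and notes which of them can read SMS or run an enabled accessibility service. The package names and command outputs are constructed samples, and the accessibility check is an assumption about how Android keyloggers commonly operate, not a detail stated in the report.

```python
import re

PLAY_STORE = "com.android.vending"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.update.helper  installer=null
package:com.example.notes  installer=com.android.chrome
package:com.example.chat  installer=com.android.vending
"""
# Constructed value of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = "com.example.update.helper/.CoreService:com.example.chat/.ReaderService"
# Constructed granted permissions, as collected from `adb shell dumpsys package <pkg>`.
SAMPLE_PERMS = {
    "com.example.update.helper": {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"},
    "com.example.notes": {"android.permission.INTERNET"},
    "com.example.chat": {"android.permission.READ_SMS"},
}

def parse_installers(text):
    """Map package name -> installer package (None when the device reports 'null')."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)", text, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in found}

def parse_a11y(value):
    """Return the package names that own an enabled accessibility service."""
    return {entry.split("/")[0] for entry in value.strip().split(":") if "/" in entry}

def triage(pkg_text, a11y_value, perms):
    """List packages not installed by Google Play, most indicators first."""
    a11y, findings = parse_a11y(a11y_value), []
    for pkg, installer in parse_installers(pkg_text).items():
        if installer == PLAY_STORE:
            continue  # Play-installed apps are out of scope for this check
        reasons = [f"installer={installer or 'unknown'}"]
        sms = sorted(SMS_PERMS & perms.get(pkg, set()))
        if sms:
            reasons.append("can read SMS/OTP: " + ", ".join(p.rsplit(".", 1)[1] for p in sms))
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        findings.append((pkg, reasons))
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PACKAGES, SAMPLE_A11Y, SAMPLE_PERMS):
        print(f"{pkg}: " + "; ".join(reasons))
```

A sideloaded package is not malicious by itself; the combination of an unknown installer, SMS access and an active accessibility service is what makes an entry worth manual review.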


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
