Sunday, May 25, 2025

PlayPraetor Malware Targets Android Users via Fake Play Store Apps to Steal Passwords


A sophisticated malware campaign, dubbed PlayPraetor, has been uncovered by cybersecurity firm CTM360.

This operation involves creating fake Google Play Store websites that deceive users into downloading malicious Android applications.

These apps, though appearing legitimate, are actually advanced banking Trojans designed to steal sensitive user information, including banking credentials and clipboard data.


Operation Details

The PlayPraetor malware is part of a large-scale scam that has been identified across more than 6,000 fraudulent web pages.

These fake Play Store sites are crafted to closely resemble the official platform, featuring familiar icons and layouts to build trust with potential victims.

Once a user clicks the “Download” button, they are prompted to install an APK file that is actually the PlayPraetor Trojan.

This malware can log keystrokes, capture screen content, and continuously monitor clipboard activity to steal sensitive data such as login credentials and cryptocurrency addresses.

These malicious links are distributed primarily through Meta Ads and SMS messages, which effectively reach a wide audience.

Scammers exploit psychological triggers like free offers or urgent security warnings to pressure users into quick decisions without verifying the legitimacy of the apps.

Upon installation, the malware communicates with its command and control (C&C) server to retrieve a list of targeted banking and cryptocurrency wallet applications.

According to the researchers, it then checks for these apps on the compromised device and sends relevant information back to the server.

Monetization and Impact

The primary motive behind these attacks is financial gain.

Threat actors exploit stolen data by draining funds from compromised accounts, making unauthorized transactions, or selling the accounts on dark web marketplaces.

Additionally, the malware can intercept SMS messages, including one-time passwords used for multi-factor authentication, allowing attackers to bypass security measures.

The malware may also engage in ad fraud by silently running in the background to generate fake traffic or subscribe victims to premium services without their consent.

The scale and complexity of this operation indicate a highly coordinated effort to compromise users globally, particularly in South-East Asia.

Users are advised to be cautious when downloading apps, ensuring they are from the official Google Play Store and not from suspicious links or websites.

Regularly updating security software and being vigilant about app permissions can also help mitigate the risk of such malware infections.
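
As an added example (not from CTM360 or the original article), the script below turns that advice into a device triage check: it flags apps that were not installed by the Play Store and that hold SMS access or an enabled accessibility service. The package names and sample output are constructed, and treating an enabled accessibility service as the indicator for keystroke and screen capture is an assumption of this example, not something the article states.

```python
import re

# Constructed sample data. On a real device it would come from:
#   adb shell pm list packages -i -3
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys package <name>   (requested permissions)
PM_LIST = """\
package:com.example.notes  installer=com.android.vending
package:com.example.promo.store  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
ACCESSIBILITY = "com.example.promo.store/.HelperService"
PERMISSIONS = {
    "com.example.notes": ["android.permission.INTERNET"],
    "com.example.promo.store": ["android.permission.RECEIVE_SMS",
                                "android.permission.READ_SMS"],
    "com.example.flashlight": ["android.permission.CAMERA"],
}

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def parse_pm_list(text):
    """Map package -> installer (None if unknown) from `pm list packages -i`."""
    result = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)\s*$", text, re.M):
        result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def triage(pm_text, accessibility, permissions):
    """Flag sideloaded packages holding SMS or accessibility capabilities."""
    # The setting is a colon-separated list of package/service components.
    enabled = {c.split("/")[0] for c in accessibility.split(":") if c != "null"}
    findings = []
    for pkg, installer in parse_pm_list(pm_text).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # installed through the official store
        reasons = []
        if SMS_PERMS & set(permissions.get(pkg, [])):
            reasons.append("sms-access")  # could read one-time passwords
        if pkg in enabled:
            reasons.append("accessibility-service")  # assumption: see lead-in
        if reasons:
            findings.append((pkg, installer, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(PM_LIST, ACCESSIBILITY, PERMISSIONS):
        print(finding)
```

The sideloaded flashlight app in the sample is not flagged, because installer origin alone is a weak signal; the check only fires when it coincides with one of the sensitive capabilities.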


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
