Android Banking Trojans Garnered 300K Downloads By Faking Apps

Android banking trojans have once again flooded the Google Play Store to target users by mimicking well known apps. The attackers have seemingly succeeded in that the trojans garnered over 300,000 downloads.

Android Banking Trojans Faking Apps

Researchers from ThreatFabric have recently shared a detailed report about an ongoing scam that tricked thousands of Android users. As elaborated, they noticed numerous Android banking trojans impersonating different apps and flooding Google Play Store.

Specifically, the researchers found four different malware targeting users on the Play Store. These include the following.

  • Anatsa – an Android banking RAT that performs classic overlays, steal credentials, accessibility logging, keylogging. This malware mimicked QR scanners, PDF scanners, and cryptocurrency apps, garnering 100,000+ and 50,000+ installations separately.
  • Hydra – a trojan dropped by Brunhilda dropper.
  • Ermac – a novel malware that Brunhilda dropper served.
  • Alien – another malware from Brunhilda dropper. However, it had a widespread existence and garnered over 50,000+ installations.

Aside from Brunhilda, the researchers also observed another malware dropper, “GymDrop,” involved in these campaigns. It impersonated self-training apps to trick users and successfully attracted 10,000 downloads.

In all, the four different malware families identified in this research attracted over 300,000 downloads within four months.

The researchers believe that the threat actors employed stealth measures to bypass Play Store security and specifically target users. As stated in their report,

The small malicious footprint is a result of the new Google Play restrictions (current and planned) to put limitations on the use of privacy concerning app permissions…
By limiting the use of these permissions, actors were forced to choose the more conventional way of installing apps, which is by asking the installation permission, with the side-effect of blending in more with legitimate apps.

Given that these apps have a very low detection rate, the onus of ensuring security comes down to the users themselves. Mainly, avoiding downloading apps from unpopular, new, or untrusted sources is the key to preventing getting malware infections.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients