Vicious malware found in Android apps with over 19 million installs - here's how to stay safe

News
By published

Dozens of apps smuggled into the Android Play Store

Users display warnings about the use of artificial intelligence (AI), access to malicious software or threats to online hackers. computer cyber security Warning concept or tech scam.
(Image credit: Shutterstock)
  • Zscaler ThreatLabs found 77 malicious apps in the Play Store
  • They were downloaded more than 19 million times, carrying different malware
  • The most prevalent variant was Joker

Security researchers have discovered 77 apps on the Google Play Store delivering all sorts of malware to users.

Cumulatively, the apps were downloaded 19 million times, according to Zscaler ThreatLabs, which uncovered the large campaign after investigating an infection by a popular Android baking trojan called Anatsa (or Tea Bot).

In the investigation, the researchers determined the majority of the apps - 25% - were used to deploy Joker, a piece of malware that can send texts, grab screenshots, make phone calls, exfiltrate contacts list, subscribe users to premium services, and more.

How to stay safe

Besides Joker, the researchers also spotted a variant called Harly, different adware code, and Anatsa, a dangerous banking trojan that can now steal login credentials and other sensitive information from more than 800 banking and crypto apps. Anatsa also seems to have increased its scope, now also targeting victims in Germany and South Korea.

Most of the malicious apps were described as “maskware” - on the surface they work as intended, but in the background, they can steal login credentials, sensitive data, and more.

Generally, security researchers would advise everyone to only download apps from reputable sources.

However, with the Google Play Store being one of those reputable sources, it is obvious that this advice is not enough to stay safe.

Users should also make sure Play Protect, Android’s built-in security system that scans apps from the Play Store and the device for malware, harmful behavior, or suspicious activity.

Furthermore, users should review each app before downloading, looking at the overall score, the number of downloads, and reviews. Glancing through the reviews should be enough to determine if an app is a potential problem, or not.

Finally, users should mind the permissions freshly installed apps ask for. Most of the time, malicious apps will require Accessibility permissions, and that can serve as a reliable red flag.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.