Google Play apps downloaded 300,000 times stole bank credentials - Ars Technica
Nov 29, 2021

Researchers said they’ve discovered a batch of apps downloaded from Google Play more than 300,000 times before the apps were revealed to be banking trojans that surreptitiously siphoned user passwords and two-factor authentication codes, logged keystrokes, and took screenshots.

The apps used several tricks to sidestep restrictions that Google has devised in an attempt to rein in the unending distribution of fraudulent apps in its official marketplace.

Those limitations include restricting the use of accessibility services for sight-impaired users to prevent the automatic installation of apps without user consent.

“What makes these Google Play distribution campaigns very difficult to detect from an automation (sandbox) and machine learning perspective is that dropper apps all have a very small malicious footprint,” researchers from mobile security company ThreatFabric wrote in a post.

The apps often required updates to be downloaded from third-party sources, but by then, many users had come to trust them.

The process of infection with Anatsa looks like this: upon the start of installation from Google Play, the user is forced to update the app in order to continue using the app.

The researchers listed 12 Android apps that participated in the fraud.

Asked for comment, a Google spokesman pointed to this post from April detailing the company’s methods for detecting malicious apps submitted to Play.

Over the past decade, malicious apps have plagued Google Play on a regular basis.

Steering clear of obscure apps with small user bases can also help, but that tactic would have been ineffective in this case.

The best advice for staying safe from malicious Android apps is to be extremely sparing in installing them.
