For the past six months, rogue apps posing as QR scanners, PDF scanners and crypto wallets were offered undisturbed on the Google Play Store, Ars Technica said. In reality, the apps turned out to contain so-called banking Trojans. This allowed the apps to surreptitiously intercept keystrokes, credentials, and multi-factor authentication codes. The infected apps have been downloaded more than 300,000 times.
Under normal circumstances, apps that are in the Play Store are safe, because they are strictly checked before they can be offered in the app store. On most Android phones it is also not possible to install apps from outside the Play Store.
For example, Google ensures that functions intended to help visually impaired users are not misused to install apps or change settings unnoticed. These functions let blind people, for instance, operate their phone by ear while the screen is black to save power.
The criminals used particularly devious methods to circumvent Google’s security measures. They did this in a number of ways, for example by offering a decent app through the Play Store and then encouraging users in the app to download updates for it from outside the Play Store. The app lured users to the rogue site with the claim that they would get extra workouts for free if they downloaded the update.
In another case, the malware operators installed the malicious portion of the app by adding it over time through multiple updates. Several types of malware were found, including the Android banking Trojan Anatsa. This malware is capable of automatically intercepting banking information and draining the victim’s account.
Because the malicious elements came from outside the Play Store or were spread in very small chunks, it was very difficult to detect the rogue apps before it was too late. In addition, the apps had a lot of positive reviews, and a lot of time and effort was clearly spent on the appearance of legitimacy.
To avoid falling victim to rogue apps, we recommend that you only download apps that you trust and that you really need. For example, choose the free apps from Adobe as a PDF reader or scanner and only use crypto wallets that have been widely tested within the crypto community. Also, be critical when granting permissions to apps: a calculator simply doesn’t need access to your selfie camera.