Android apps that steal banking details were downloaded 300,000 times in just 4 months

  • A total of 12 Android banking Trojan apps were discovered on the Google Play Store.
  • These applications are capable of stealing bank information and deleting the victim’s bank account.
  • The apps were distributed within four months and downloaded 300,000 times.

Google has been improving the security of the Play Store, but there are still some malware-infused apps that manage to sneak in. Researchers have now discovered a total of 12 apps on the Play Store that were used to steal people’s bank account details, and these apps were downloaded 300,000 times.

These apps were posing as QR code scanners, PDF scanners and even cryptocurrency wallets, according to ThreatFabric researchers. The applications belonged to four Android malware families, and were designed to steal people’s online banking passwords as well as two-factor authentication codes. The malware also captured keystrokes and could take screenshots of users’ phones.

So how did these apps bypass Google’s security check? They were first distributed as legitimate, malware-free apps and performed as advertised, leading users to think that nothing was wrong. The apps also had positive reviews on the Google Play Store, which made them seem more legitimate. Users were then asked to install software updates from third-party sources for additional features.

Through these updates, a very advanced Android banking Trojan, ‘Anatsa’, would be installed on the victims’ phones. This Trojan is capable of giving hackers remote access to a victim’s phone and wiping the victim’s bank account by transferring all the money to the hackers’ account. Besides Anatsa, these apps also delivered other Android malware, including Alien, Hydra, and Ermac.

Among the types of applications that carried this malware, the most popular were scanning applications, a crypto tracing application, and training applications. These apps, carrying four major Android malware families, were distributed in just four months and downloaded 300,000 times.

ThreatFabric also highlighted that this is actually a small malicious footprint, which it attributes to new Google Play restrictions that limit app permissions such as the Accessibility Service. Abuse of that permission was one of the most widely used methods of installing malware on phones, but hackers now resort to having the app download updates after it has been installed.
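The delivery pattern described above (a clean store app that later installs an "update" from outside the store, or that relies on an accessibility service) leaves traces in an app's manifest. The following is an added example, not code from ThreatFabric or from the article: a small triage check over a decoded AndroidManifest.xml. The sample manifests, package names and the `triage_manifest` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
INTERNET_PERM = "android.permission.INTERNET"
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: decoded manifest of a hypothetical "QR scanner" app.
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".UpdateHelper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: a scanner that only needs the camera.
CLEAN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

def triage_manifest(xml_text):
    """Return findings for capabilities a dropper-style app depends on."""
    root = ET.fromstring(xml_text.strip())
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Accessibility services are declared as <service> entries guarded by
    # BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == A11Y_PERM]
    findings = []
    if INSTALL_PERM in perms:
        findings.append("can ask the user to install APKs from outside the store")
    if INSTALL_PERM in perms and INTERNET_PERM in perms:
        findings.append("can download and install an 'update' after store review")
    if a11y:
        findings.append("declares accessibility service: " + ", ".join(a11y))
    return findings

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("clean", CLEAN_MANIFEST)):
        print(name, triage_manifest(xml))
```

A finding here is a reason to look closer at an app whose advertised function does not need the capability, not proof that the app is malicious.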

