Over 90 malicious apps with 5.5 million downloads found in Google Play Store
Over the past few months, Zscaler Threatlabz identified and analyzed more than 90 malicious applications in the Google Play Store. These malware-infested apps have been downloaded and installed over 5.5 million times.
Researchers noticed an increase in Anatsa malware, which is also known as TeaBot. It’s an example of sophisticated malware that disguises itself as a bona fide application, like a PDF Reader or QR Code Reader & File Manager.
Once installed, however, it secretly downloads a malicious payload from a command-and-control server, disguised as an innocuous application update. It then exfiltrates sensitive information from the user’s device, such as banking credentials and other financial information.
“It achieves this through the use of overlay and accessibility techniques, allowing it to intercept and collect data discreetly,” Zscaler Threatlabz remarks.
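An added example, not taken from the Zscaler Threatlabz report or this article: a static triage check over a decoded AndroidManifest.xml that flags apps declaring an accessibility service together with overlay or package-install permission, the capabilities described above. The mapping from those behaviours to specific Android permissions, and both sample manifests, are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the behaviours in the article to manifest declarations.
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"

def triage_manifest(manifest_xml):
    """Return capability findings for one decoded (plain-text) manifest."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(ANDROID + "name") for e in root.iter(tag))
    # Accessibility services are declared as <service> elements guarded by
    # BIND_ACCESSIBILITY_SERVICE, not requested via <uses-permission>.
    services = [s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == ACCESSIBILITY]
    overlay = OVERLAY in requested
    installer = INSTALL in requested
    return {
        "accessibility_services": services,
        "overlay": overlay,
        "installs_packages": installer,
        # An accessibility service can draw its own overlays, so it plus
        # either other capability is enough to send the app to manual review.
        "review": bool(services) and (overlay or installer),
    }

# Constructed sample manifests (hypothetical package and class names).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".UpdateHelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrreader">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_manifest(xml))
```

A hit only means the declared capabilities exceed what a document or QR reader needs; it is a prompt for manual review, not a verdict.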
Anatsa is a known Android banking malware that targets over 650 financial institutions, primarily in the United States and United Kingdom. Recent observations indicate that the threat actor responsible for developing and deploying Anatsa is expanding to other countries, such as Germany, Spain, Finland, South Korea and Singapore.
Threat landscape continues to evolve
Researchers found several trends in the Google Play Store. About 40 percent of the malicious apps in the Store are disguised as tools. Personalization and photography apps account for about 20 percent and 13 percent respectively.
Several malware families were discovered during Zscaler Threatlabz’s analysis. Joker malware or Fleeceware was the largest (over 42%), followed by Adware (over 41%). Anatsa’s share was only a little over 2%, but researchers emphasize it’s a well-known and highly impactful banking trojan.
Android users all over the world should be careful about what they download from the Google Play Store. “As the mobile threat landscape continues to evolve, it becomes crucial for organizations to implement proactive security measures to safeguard their systems and sensitive financial information,” Zscaler Threatlabz concludes.
At the time of writing, the two malicious Anatsa apps have been removed from the Google Play Store.