Despite what the app store may tell you, there is no such thing as a free app. You either pay by seeing ads or in this case you have banking trojan dropped on your Android smartphone.
As reported BleepingComputernew set malicious applications with more than 150,000 downloads together were discovered on Google Play Store spread of the banking trojan Anatsa.
It is worth noting that currently only users of the service the best android phones in the United Kingdom, Germany, Spain, Slovakia, Slovenia and the Czech Republic, this new campaign is targeted. However, that could change if the cybercriminals behind it decide to expand their operations to the US or Canada.
But what sets these malicious apps apart is that they weren’t bad from the start. Instead, their creators waited a whole week before injecting malicious code into the apps. Here’s everything you need to know about this new set of malicious apps along with ways to protect your smartphone from Android malware.
Delete these apps now
All the apps listed below have since been removed from the Play Store. However, if you have any of them installed on your smartphone, you will have to delete them manually. These are the apps you’ll want to remove immediately:
- Phone Cleaner – File Explorer
- PDF viewer – File Explorer
- PDF reader – viewer and editor
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
Once one of these malicious apps is removed, the hackers behind this campaign could try to launch a similar app. This is why you should always be careful when downloading free apps from any app store. Likewise, although the above apps have been removed from the Play Store, they may still be available for sideloading as APK files online.
When innocent-looking apps break
If you look at this list of malicious apps, you’ll notice that they all have one thing in common: These apps are either PDF viewers or fake cleaner apps that claim to free up space by deleting unnecessary files on your phone.
Of these apps, “PDF Reader: File Manager” had the most downloads of 100,000, while “Phone Cleaner – File Explorer” was downloaded over 10,000 times. In order to increase the number of downloads of each of these malicious apps, cybercriminals have designed them in such a way that they are popular enough to reach the “Best New Free” categories in the Play Store.
According to ThreatFabric report for that matter, those malicious apps used a multi-stage approach to avoid detection. Rather than being malicious from the start, which would increase their likelihood of being flagged by Google, the apps in question did not contain any malicious code when they were uploaded to the Play Store. Instead, the malware component was added to these apps a week after download via an update.
Like other malicious apps, these abuse Androids Accessibility service to gain additional control over the target device. For example, the cleaner apps on this list claim they need permission to access this service to “hibernate battery-draining apps.” This is the kind of permission that someone looking for a phone cleaner app wouldn’t think twice about.
After installing on an Android smartphone, He installed a banking trojan can gain full control of the device, as well as perform actions on behalf of the victim. The Trojan can steal passwords and login information, record keystrokes, and capture everything displayed on a smartphone’s screen. These capabilities make it ideal for cybercriminals looking to commit fraud while draining a victim’s bank accounts and other financial applications.
How to protect yourself from Android malware
When it comes to protecting yourself and your devices from Android malware, the first thing you’ll want to do is limit the apps on your smartphone. Before downloading any new app, you should ask yourself whether you really need it and whether the stock Android app offers the same functionality or not. For example, instead of downloading a PDF reader or viewer, you can simply use Google driving do the same thing.
If you do decide to download the free app, be sure to check its rating and reviews in the Play Store. When an app is malicious but not yet removed, users often point out in reviews that the app is bad. However, you must keep in mind that app reviews can be fake. This is why it’s always a good idea to look for external reviews, and video reviews can be very helpful as you can see the app in question in action.
To stay safe from Android malware, you’ll need to secure this Google Play Protect is enabled on your devices. This free app comes pre-installed on most Android smartphones and sometimes it’s just a matter of whether it’s enabled. Google Play Protect scans all your existing apps and any new ones you download for malware. For added protection, you may also want to consider using one of the best antivirus apps for android Besides.
Hackers and other cybercriminals will likely continue to try to get their bad apps on the Play Store as fast as Google can remove them. For this reason, it is up to you to remain cautious and extra cautious when installing any new application on your Android smartphone.