Android users, beware! Google recently removed 17 malicious apps from the Play Store after it was revealed that they had stolen users’ banking information from devices.
According to a report by security research firm Trend Micro, these malicious apps aim to steal user data, including banking information, PINs, passwords, and other information. The apps can also intercept text messages and infect devices with malware.
The apps that carry the data-stealing malware past Google’s Play Store security are called dropper apps, and they are part of a dropper-as-a-service (DaaS) model. These apps install a malicious payload on phones.
“Malicious actors have covertly added a growing number of banking Trojans to Google Play Store via malicious droppers this year, demonstrating that such a technique is effective at evading detection,” Trend Micro wrote in a blog post.
“In addition, because of the high demand for new ways to distribute mobile malware, several attackers are claiming that their droppers could help other cybercriminals spread their malware on the Google Play Store.”
Late in the year, Trend Micro found a malicious campaign that used a new dropper variant, which it called DawDropper. The following Android apps were originally found in the Google Play Store and have now been removed:
- Call Recorder APK (com.caduta.aisevsk)
- Rooster VPN (com.vpntool.androidweb)
- Super Cleaner – hyper & smart (com.j2ca.callrecorder)
- Document Scanner – PDF Creator (com.codeword.docscann)
- Universal Saver Pro (com.virtualapps.universalsaver)
- Eagle photo editor (com.techmediapro.photoediting)
- Call recorder pro+ (com.chestudio.callrecorder)
- Extra Cleaner (com.casualplay.leadbro)
- Crypto utilities (com.utilsmycrypto.mainer)
- FixCleaner (com.cleaner.fixgate)
- Just In: Video Motion (com.olivia.openpuremind)
- Lucky Cleaner (com.luckyg.cleaner)
- Simpli Cleaner (com.scando.qukscanner)
- Unicc QR Scanner (com.qrdscannerratedx)
If you have installed any of the above-mentioned apps on your Android smartphone, it is recommended that you uninstall it immediately.
“Cybercriminals are constantly finding ways to evade detection and infect as many devices as possible. In half a year, we have seen how banking trojans have developed their technical routines to avoid being detected, such as hiding malicious payloads in droppers,” concluded Trend Micro.
“As more banking Trojans are made available through DaaS, malicious actors will have an easier and more cost-effective way to distribute malware disguised as legitimate apps. We foresee that this trend will continue and that more banking Trojans will be distributed through digital distribution services in the future.”
To stay protected from malicious apps, users are advised to always check app reviews for unusual concerns or negative experiences, apply due diligence when investigating app developers and publishers, and avoid downloading apps from suspicious-looking websites or unknown sources.