Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months

Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace.
Researchers from ThreatFabric reported that these threat groups have honed their ability to use Google Play to propagate banking trojans by shrinking the footprint of their dropper apps, reducing the number of permissions they ask for, boosting the overall quality of the attack with better code and standing up convincing companion websites.
"To make themselves even more difficult to detect, the actors behind these dropper apps only manually activate the installation of the banking trojan on an infected device in case they desire more victims in a specific region of the world," the ThreatFabric researchers added.
Anatsa threat actors were first observed by ThreatFabric using Google Play malware dropper apps in Jan. 2021, the report said.
The analysts found six separate droppers in Google Play that lead to Anatsa infections, including fake QR code scanners, PDF scanners and cryptocurrency apps, collectively reaching more than 100,000 installations, they reported.
A dropper app called "GymDrop" used "Exercise update" messages to trick victims into downloading the Alien banking trojan.
News URL
https://threatpost.com/banking-trojan-infections-google-play/176630/