Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months
Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace.
Researchers from Threat Fabric reported that these threat groups have honed their ability to use Google Play to propagate banking trojans by shrinking the footprint of their dropper apps, reducing the number of permissions they ask for, boosting the overall quality of the attack with better code, and standing up convincing companion websites.
"To make themselves even more difficult to detect, the actors behind these dropper apps only manually activate the installation of the banking trojan on an infected device in case they desire more victims in a specific region of the world," the Threat Fabric researchers added.
Anatsa threat actors were first observed by Threat Fabric using Google Play malware dropper apps in Jan. 2021, the report said.
The analysts found six separate droppers in Google Play that lead to Anatsa infections, including QR code scanners, PDF scanners and cryptocurrency apps, collectively reaching more than 100,000 installations, they reported.
A dropper app called "GymDrop" used "Exercise update" messages to trick victims into downloading the Alien banking trojan.
News URL
https://threatpost.com/banking-trojan-infections-google-play/176630/