Security News > 2021 > December > 300.000+ users downloaded malware droppers from Google Play
Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play.
They did it by employing a series of tricks to bypass the app store's restrictions, evade automatic detection, and trick users into believing the apps they downloaded are legitimate and innocuous.
According to researchers from fraud prevention outfit ThreatFabric, the malware droppers posed as PDF scanners, QR code scanners, cryptocurrency apps, self-training, authenticator, and security apps, and were collectively downloaded over 310,000 times.
Malware peddlers introduce droppers into Google Play, masquerading as helpful apps that are actually working2.
Potential victims are tricked into downloading the initial droppers because the usual advice for vetting apps - checking out user comments, avoiding apps with a small number of downloads, checking out the app website - doesn't work here.
"Actors behind it took care of making their apps look legitimate and useful. There are large numbers of positive reviews for the apps. The number of installations and presence of reviews may convince Android users to install the app," they concluded.
News URL
https://www.helpnetsecurity.com/2021/12/01/droppers-google-play/
Related news
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- Malware locks browser in kiosk mode to steal Google credentials (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Fake WalletConnect app on Google Play steals Android users’ crypto (source)
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- ‘Pig butchering’ trading apps found on Google Play, App Store (source)
- Over 200 malicious apps on Google Play downloaded millions of times (source)
- Fake Google Meet conference errors push infostealing malware (source)