
4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021
2021-12-01 20:51

Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices.

While Google earlier this month instituted limitations to restrict the use of accessibility permissions that allow malicious apps to capture sensitive information from Android devices, operators of such apps are increasingly refining their tactics by other means even when forced to choose the more traditional way of installing apps through the app marketplace.

ThreatFabric has discovered six Anatsa droppers on the Play Store since June 2021, with the apps programmed to download an "Update" followed by prompting users to grant it permissions to install apps and Accessibility Service privileges.

Brunhilda, a threat actor which was discovered distributing a remote access trojan named Vultur in July 2021, leveraged trojanized apps masquerading as QR code creator apps to drop Hydra and ERMAC malware aimed at users in the U.S., a market previously not targeted by the two malware families.

Lastly, a fitness training dropper app with over 10,000 installations - dubbed GymDrop - was found delivering the Alien banking trojan payload by masking it as a "New package of workout exercises," even as its purportedly legitimate developer website doubles up as the C2 server to fetch the configuration required to download the malware.

"To make themselves even more difficult to detect, the actors behind these dropper apps only manually activate the installation of the banking trojan on an infected device in case they desire more victims in a specific region of the world," the researchers said.
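The dropper behaviour described above (download an "Update", then ask for permission to install apps and for Accessibility Service privileges) leaves traces in an app's manifest that can be checked during triage. The following is an added example, not code from the article or from ThreatFabric; it assumes the manifest has already been decoded to text XML, and the sample manifests and package names are constructed. Legitimate apps also use these features, so a match is a reason to review, not a verdict.

```python
import xml.etree.ElementTree as ET

# Attribute prefix for android:* attributes once ElementTree expands the namespace.
A = "{http://schemas.android.com/apk/res/android}"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
INTERNET_PERM = "android.permission.INTERNET"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def triage_manifest(xml_text):
    """Return (package, reasons) for a decoded, text-form AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    reasons = []
    # Dropper trait: can fetch a file and ask the user to allow installing it.
    if {INSTALL_PERM, INTERNET_PERM} <= perms:
        reasons.append("can download and request package installs")
    # Payload trait: declares a service the system binds as an Accessibility Service.
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if svc.get(A + "permission") == A11Y_BIND and A11Y_ACTION in actions:
            reasons.append("declares accessibility service " + svc.get(A + "name", "?"))
    return root.get("package"), reasons

# Constructed sample manifests (not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
DROPPER_LIKE = f"""<manifest {NS} package="com.example.utility">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application/>
</manifest>"""
PAYLOAD_LIKE = f"""<manifest {NS} package="com.example.update">
  <application>
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (DROPPER_LIKE, PAYLOAD_LIKE, BENIGN):
        print(triage_manifest(sample))
```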


News URL

https://thehackernews.com/2021/11/4-android-banking-trojan-campaigns.html