Android users are facing a critical situation due to the detection of several apps spreading harmful banking malware on their devices. These apps, downloaded by millions, were all found on the Google Play Store, making it easy for them to infect numerous smartphones.
The discovery of this threat was made by Zscaler’s ThreatLabz team, who identified that many of these apps were contaminated with the dangerous Anatsa malware. This malware, which emerged in 2020, is capable of stealing credentials, logging keystrokes, and facilitating fraudulent transactions.
What sets this attack apart is its sophisticated method of infiltration. Anatsa utilizes a dropper technique, where cybercriminals publish an application on the official Google Play Store that looks benign. Once installed, the app covertly downloads a malicious payload from its command-and-control server, evading detection mechanisms and successfully infecting devices.
In addition to Anatsa, there have been other attacks reported. ThreatLabz flagged 77 malicious applications, including the notorious Joker malware, to Google. Joker can read and send text messages, capture screenshots discreetly, make unauthorized calls, and pilfer contact lists. Moreover, it can enroll victims in premium services without their knowledge.
Zscaler emphasized the importance of scrutinizing app permissions and ensuring they align with the app’s intended functionality. Before installing any software, it is advisable to check reviews, research the developer, and activate Google Play Protect. This service scans apps and devices for malicious behavior, conducts safety checks on downloads, and alerts users about potentially harmful apps. Google Play Protect can also deactivate or remove harmful apps from devices, enhancing user security.
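The permission check recommended above can be scripted. The following is an added example, not code from Zscaler or Google: it parses a permission listing in the style printed by `aapt dump permissions` and reports sensitive permissions that do not fit the app's stated purpose. The permission-to-capability mapping, the category allow-list, and the sample dump are assumptions constructed for illustration.

```python
import re

# Permissions granting capabilities the article attributes to Joker and to
# dropper-style apps. This mapping is the example's assumption.
SENSITIVE = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.CALL_PHONE": "place calls without the dialer",
    "android.permission.READ_CONTACTS": "read the contact list",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further APKs",
}

# Hypothetical allow-list: sensitive permissions each app category needs.
EXPECTED = {
    "messaging": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
                  "android.permission.READ_CONTACTS"},
    "dialer": {"android.permission.CALL_PHONE",
               "android.permission.READ_CONTACTS"},
    "pdf_reader": set(),
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in the listing."""
    perms = set()
    for line in dump.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def audit(category, dump):
    """List (permission, capability) pairs that the category does not justify.
    An unknown category justifies nothing, so every sensitive permission is reported."""
    requested = parse_permissions(dump) & set(SENSITIVE)
    unexpected = requested - EXPECTED.get(category, set())
    return sorted((p, SENSITIVE[p]) for p in unexpected)

# Constructed sample listing for a hypothetical PDF viewer.
SAMPLE_DUMP = """\
package: com.example.pdfviewer
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: android.permission.READ_CONTACTS
"""

if __name__ == "__main__":
    for perm, why in audit("pdf_reader", SAMPLE_DUMP):
        print(f"unexpected for a PDF reader: {perm} ({why})")
```

A clean result does not clear an app: a dropper can fetch its payload with nothing more than network access, so this check complements Google Play Protect rather than replacing it.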