Android Security

Over 300,000 Android Users Have Downloaded These Banking Trojan Malware Apps, Say Security Researchers (zdnet.com) 23

Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store. ZDNet reports: Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users -- researchers describe it as an "advanced" banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user's screen, while a keylogger allows attackers to record all information entered into the phone. [...] The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan that can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. [...] The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they've either already been removed or are under review.

This discussion has been archived. No new comments can be posted.

  • lusers (Score:3, Insightful)

    by Anonymouse Cowtard ( 6211666 ) on Tuesday November 30, 2021 @09:27PM (#62035229) Homepage
    Wouldn't you find it odd that your app has only been installed a few thousand times? Some people are just asking for it.
    • by aliquis ( 678370 )

      I installed the highly rated QR scanner with no ads or in app purchases. The name was in Swedish so how many installations should I look for before trusting it? ...

      I thought Google provided some safety.

      • Re:lusers (Score:5, Insightful)

        by LuckyPee ( 8777991 ) on Tuesday November 30, 2021 @10:19PM (#62035309)

        I thought Google provided some safety.

        And after reading the summary

        In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

        You now know better.

        • How can the software keylog, take screen captures, and read text messages to steal MFA info, at all?

          If these are permissions granted through some framework, isn't that a giant red flag?

          • by mjwx ( 966435 )

            How can the software keylog, take screen captures, and read text messages to steal MFA info, at all?

            If these are permissions granted through some framework, isn't that a giant red flag?

            An end user will just click accept. The chief cause of insecurity has always been and remains the user.

            Also a nice alarming figure, 300,000... there are over 2,800,000,000 (2.8 billion) active Android devices. Imma not going to panic about that just yet.

        • Except you're given the option of scanning apps sideloaded... so you had to pick no, or ignore the OMG THIS IS BAD
      • The only protection that Google provides is protecting their ability to advertise to you. You are not their customer.
      • I thought Google provided some safety.

        LOL!

        The simple answer is to not do any "banking" on any device where you constantly download and run "apps" from the Internet.

    • by Junta ( 36770 )

      To get to a high count, it has to be downloaded a few thousand times at some point.

      Second, there was this widely popular barcode scanner app on Android that was very straightforward and innocuous. Then one day with millions of installs, it became malware. https://blog.malwarebytes.com/... [malwarebytes.com]

      Of course, all it could pull off was opening ads seemingly randomly regardless of what app was running.

      However, this is good to be *very* careful about accessibility permissions.

  • And you said yes (Score:5, Insightful)

    by RussellTheMuscle ( 2783037 ) on Tuesday November 30, 2021 @10:40PM (#62035333)
    In a world in which every app asks permission to access just about every nook and cranny of your phone, the future of those who trade convenience for security will be littered with empty bank accounts.
  • by thesjaakspoiler ( 4782965 ) on Tuesday November 30, 2021 @11:12PM (#62035381)

    that does not need every permission known to man to be installed.

    • You need a flashlight app? I just shake my Moto in a certain way (like chopping vegetables) and the flashlight toggles. I thought every phone had a way to turn the flashlight on now.

      • by Junta ( 36770 )

        Pretty much. Motorola has the most convenient, though at worst it's an icon in the swipe down menu for other devices. No point in a flashlight app anymore.

    • This seems to have been the case since the dawn of Android, where a fart app or a fleshlight app requires every permission out there, even su permissions for unfettered access on rooted devices. At least Android has gotten better with newer apps getting prompted for permissions.

      Wonder what ever happened to XPrivacy, where one could grant an app every permission under the sun, but would be fed bogus data, either a static location, garbage for contacts and songs, fake camera and mic input, and so on.

  • ...personal information. I'm shocked! Android's primary function is to collect your personal information for advertising & govt surveillance purposes. Everything else is secondary at best. Unfortunately, 2fa mandates are forcing people to install banking apps on Google's leaky advertising platform, thereby giving malware access to their banking credentials. I have a (Linux) laptop set up as securely as possible to do online banking & shopping with. Why do I have to keep Google & malware apps in
    • A Linux user, a Vegan and a BMW driver walk into a bar...
      Ah, fuck it.

    • by Junta ( 36770 )

      Even malware is relatively tame by malware standards in the Android ecosystem.

      One, it needs permissions to be approved, permissions that are difficult to imagine why the app would need it if you try to think about it. If you can't think of a reason, you can reject just that permission to see what happens.

      Once approved, iirc android will put an indicator on screen indicating something is using its camera/screen capture/etc permission.

      And it can be uninstalled.

      While it's not perfect, the security on your pho
