Over 300,000 Android Users Have Downloaded These Banking Trojan Malware Apps, Say Security Researchers (zdnet.com)
Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store. ZDNet reports: Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.
The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users -- researchers describe it as an "advanced" banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user's screen, while a keylogger allows attackers to record all information entered into the phone. [...] The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan that can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. [...] The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they've either already been removed or are under review.
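The summary above says Anatsa reads the screen through accessibility logging; on Android that capability only exists for apps the user has turned on as accessibility services. The script below is an added example (not from ZDNet, ThreatFabric or the article) that checks which services are enabled against an allowlist. The sample settings string and the allowlist are constructed; on a real device the first argument would be the output of `adb shell settings get secure enabled_accessibility_services`.

```shell
#!/bin/sh
# Added example: flag enabled Android accessibility services whose package is
# not on a known-good allowlist. Real input comes from
#   adb shell settings get secure enabled_accessibility_services
# which prints colon-separated "package/ServiceClass" entries, or "null"
# when no service is enabled.

# Constructed sample: the stock screen reader plus a third-party "QR scanner".
SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.qrscanner/.AccessService'

# Constructed allowlist of packages expected to hold accessibility access.
ALLOWLIST='com.google.android.marvin.talkback com.android.talkback'

# flag_services "<settings output>" "<allowlist>"
# Prints one suspect package name per line; prints nothing when all are allowed.
flag_services() {
    enabled="$1"; allow="$2"
    [ "$enabled" = "null" ] && return 0
    printf '%s\n' "$enabled" | tr ':' '\n' | while IFS= read -r entry; do
        pkg="${entry%%/*}"            # keep the package part of "package/Class"
        [ -z "$pkg" ] && continue
        case " $allow " in
            *" $pkg "*) ;;            # known-good, skip
            *) printf '%s\n' "$pkg" ;; # anything else deserves a look
        esac
    done
}

# count_suspects: number of flagged packages, handy for alerting from a script.
count_suspects() {
    flag_services "$1" "$2" | wc -l | tr -d ' '
}
```

An unexpected package in this list is worth investigating even if the app appears to work as advertised, since the summary notes these apps keep their advertised functions to avoid suspicion.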
lusers (Score:3, Insightful)
Re: (Score:1)
I installed the highly rated QR scanner with no ads or in app purchases. The name was in Swedish so how many installations should I look for before trusting it? ...
I thought Google provided some safety.
Re:lusers (Score:5, Insightful)
I thought Google provided some safety.
And after reading the summary
You now know better.
Re: lusers (Score:2)
How can the software keylog, take screen captures, and read text messages to steal MFA info, at all?
If these are permissions granted through some framework, isn't that a giant red flag?
Re: (Score:2)
How can the software keylog, take screen captures, and read text messages to steal MFA info, at all?
If these are permissions granted through some framework, isn't that a giant red flag?
An end user will just click accept. The chief cause of insecurity has always been and remains the user.
Also a nice alarming figure, 300,000... there are over 2,800,000,000 (2.8 billion) active Android devices. Imma not going to panic about that just yet.
Re: lusers (Score:2)
Re: (Score:2)
I thought Google provided some safety.
LOL!
The simple answer is to not do any "banking" on any device where you constantly download and run "apps" from the Internet.
Re: (Score:3)
To get to a high count, it has to be downloaded a few thousand times at some point.
Second, there was this widely popular barcode scanner app on Android that was very straightforward and innocuous. Then one day with millions of installs, it became malware. https://blog.malwarebytes.com/... [malwarebytes.com]
Of course, all it could pull off was opening ads seemingly randomly regardless of what app was running.
However, this is good to be *very* careful about accessibility permissions.
Re: (Score:2)
The Android model is pretty secure, using both Linux's user/group permissions, as well as SELinux. What weakens Android are all the stores on it that have little to no curation. Even though iOS's jail model may not be as secure as AOSP/Linux, because Apple aggressively curates and runs off most of the malware producers, the ecosystem is relatively clean.
What might be a good compromise is going to a tiered system. Have a tightly curated tier of apps in the Play Store that require more extensive vetting, t
Re: (Score:2)
Have you noticed that people who call Tor "TOR" are always morons? From Tor's official website: 'Tor is not spelled "TOR".'
No, but it seems you have to be pretty stupid to think that people consult a thing's website before talking about it.
Or that the thing gets to decide how people talk about it!
Just like, most people use graphics, not giraffes, to display images.
Or some idiots who came up with SCSI thought the world was going to pronounce it "sexy." *LOL* what a scuz.
I did notice that people who live in free countries but also use Tor usually end up on the news getting arrested for child porn.
And you said yes (Score:5, Insightful)
Ouch, I need another flashlight app (Score:4, Insightful)
that does not need every permission known to man to be installed.
Re: (Score:2)
You need a flashlight app? I just shake my Moto in a certain way (like chopping vegetables) and the flashlight toggles. I thought every phone had a way to turn the flashlight on now.
Re: (Score:2)
Pretty much. Motorola has the most convenient, though at worst it's an icon in the swipe down menu for other devices. No point in a flashlight app anymore.
Re: (Score:2)
This seems to have been the case since the dawn of Android, where a fart app or a fleshlight app requires every permission out there, even su permissions for unfettered access on rooted devices. At least Android has gotten better with newer apps getting prompted for permissions.
Wonder what ever happened to XPrivacy, where one could grant an app every permission under the sun, but would be fed bogus data, either a static location, garbage for contacts and songs, fake camera and mic input, and so on.
Advertising platform leaks... (Score:2)
Re: (Score:2)
A Linux user, a Vegan and a BMW driver walk into a bar...
Ah, fuck it.
Re: (Score:2)
Even malware is relatively tame by malware standards in the Android ecosystem.
One, it needs permissions to be approved, permissions that are difficult to imagine why the app would need if you try to think about it. If you can't think of a reason, you can reject just that permission to see what happens.
Once approved, iirc Android will put an indicator on screen indicating something is using its camera/screen capture/etc. permission.
And it can be uninstalled.
While it's not perfect, the security on your pho