Nintendo-Power


How hackers got the password-stealing Android app to download 300,000 times

Cybersecurity company ThreatFabric is revisiting a massive campaign of malicious applications, including malware that steals passwords and other personal data.

A report from cybersecurity company ThreatFabric has revealed that 300,000 Android users installed malicious applications responsible for stealing their banking information. Although the malicious applications have been removed and disabled by Google, their developers used unusual methods for delivering the malware to users, methods that everyone should know about.

Hackers used many different types of malware

ThreatFabric’s report only mentions a small number of such malicious applications, but the list includes QR code scanners, PDF scanners, physical activity monitoring applications, and cryptocurrency applications. Unlike other malicious applications that falsely advertise their functionality, most of the applications in this campaign work as advertised. The malicious activity happens in the background, with the apps stealing passwords and other important personal data.

According to the malware used, the researchers classified the applications into four main “families”:

  • Anatsa: The largest of the four families, with over 200,000 downloads, used a banking trojan called Anatsa. It uses screen captures and Android's accessibility features to steal usernames, passwords and other personal data.
  • Alien: The second most downloaded family, Alien, was installed on over 95,000 devices. Alien intercepts two-factor authentication codes, which the hackers then use to log into a user’s bank account.
  • Hydra and Ermac: The last two families are Hydra and Ermac, both affiliated with the cybercriminal group Brunhilda. The group used the malware to remotely access the user’s device and obtain their bank information. ThreatFabric reports that Hydra and Ermac have surpassed 15,000 downloads.

How these malware families were able to get past Google’s security measures

ThreatFabric reported these applications to Google, which quickly removed them from its Play Store and disabled them on the devices where they were installed. But the real concern is how hackers were able to hide the malware in the applications.

Generally, the Play Store intercepts and removes applications that contain malicious code. However, in these cases the malware was not included in the initial download, but was added by an update that users had to install to continue using the app. With this method, developers can submit their applications without triggering Google’s detection systems. Users have no reason to suspect anything, because these apps work exactly as advertised. However, the updates did show some warning signs: they may have requested permission to use accessibility services or forced users to download additional software outside the Play Store.

How to protect your Android device from malware

There are several things you can do to keep your device safe and avoid installing such malware. First, pay attention to what permissions an application asks of you, not just when you first install it, but every time you start or update it. If there is anything suspicious or unnecessary, remove the app and report it. A QR code scanning application has no reason to access your accessibility services.
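As an added example (not from the original article or from ThreatFabric's report), the permission check described above can be automated by comparing the decoded AndroidManifest.xml of the installed version with that of the update, flagging the two warning signs the article names: a newly declared accessibility service and a new permission to install other packages. The package name, service name and both manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Capabilities matching the warning signs the article names.
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SIDELOAD = "android.permission.REQUEST_INSTALL_PACKAGES"

def capabilities(manifest_xml):
    """Return (requested permissions, services bound to accessibility)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    a11y = {s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == ACCESSIBILITY}
    return perms, a11y

def review_update(old_xml, new_xml):
    """List what an update adds over the previously installed version."""
    old_perms, old_a11y = capabilities(old_xml)
    new_perms, new_a11y = capabilities(new_xml)
    findings = []
    for svc in sorted(new_a11y - old_a11y):
        findings.append(("HIGH", "new accessibility service: " + svc))
    for perm in sorted(new_perms - old_perms):
        level = "HIGH" if perm == SIDELOAD else "INFO"
        findings.append((level, "new permission: " + perm))
    return findings

# Constructed sample manifests for a hypothetical QR scanner, v1 and v2.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
V1 = f"""<manifest {NS} package="com.example.qrscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""
V2 = f"""<manifest {NS} package="com.example.qrscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for level, message in review_update(V1, V2):
        print(level, message)
```

A manifest diff only covers what the updated app itself declares; software the update pushes users to download outside the Play Store has to be reviewed separately.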

Similarly, only install updates directly from the Google Play Store. Even if an app says it needs a sudden update, if that update is not in the Play Store, it is not legitimate. The same goes for requests to download anything outside the Play Store. Only when downloading an APK file from a trusted source, such as APK Mirror or the XDA Dev forum, is it safe to download and install the application in this way. Even on Google Play, be sure to check the app before downloading, as hackers may fake an app's legitimacy with fake reviews.

While these different practices may not completely protect you from potential malware, if you combine them with other cybersecurity practices such as one-time passwords, two-factor authentication, applications protected by an encrypted password manager, and secure anti-malware and antivirus software, you will be well protected from hackers and their malicious applications.