According to TechRadar, Google is forced to remove applications containing spyware (trojans) that steal bank accounts from their Google Play app store.
Recently, Threat Fabric security experts warned about five separate malicious attack campaigns, all targeting users in Europe – specifically the UK, Germany, and Spain. , Slovakia, Slovenia, and the Czech Republic.
What all these campaigns have in common is the use of malware loaders hidden in Android apps that have infiltrated the Google Play Store. These downloaders then install the Anatsa bank account stealer software onto the victim’s device.
Researchers have identified 5 malicious applications, they are mainly utility applications such as reading PDF files or cleaning the system, including Phone Cleaner – File Explorer, PDF Viewer – File Explorer, PDF Reader – Viewer & Editor, Phone Cleaner: File Explorer, and PDF Reader: File Manager.
What’s worrying is that this malware quickly entered the Google Play Store’s Top New Free rankings. A total of at least 130,000 people downloaded the apps, although researchers say the actual number of victims could be as high as 200,000.
To appear authentic and trustworthy, the anonymous attackers aimed to get into the ‘Top New Free’ category on Google Play. The malware downloader hidden inside the application also deploys a multi-stage infection process and is fully capable of taking advantage of Android’s Accessibility Service to bypass the system’s security measures. operating.
Researchers are warning Android users to be extra careful, even when downloading apps from the Play Store. Although Google’s mobile app store is generally considered safe, occasionally malicious apps get past the protections. In this case, Google has removed all malicious applications and recommends that users remove them if installed.