- Feb 4, 2016
Cybersecurity researchers at ThreatFabric detail how password-stealing Android banking trojans were disguised as QR code readers, fitness monitors, cryptocurrency apps and more.
Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that bypassed detection by the Google Play app store.
Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often provide the advertised functions so that users do not become suspicious.
In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling the apps to bypass Play Store detections.
The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users – researchers describe it as an "advanced" banking trojan which can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user's screen, while a keylogger allows attackers to record all information entered into the phone.
Four separate Android banking trojan dropper campaigns have affected over 300,000 devices in 2021 through the Google Play Store.