Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this


Even on official app stores, you need to be careful what you download. Case in point, 77 malicious apps with a combined total of 19 million installs were found spreading malware on the Google Play Store.

As reported by BleepingComputer, the malicious apps in question were discovered by Zscaler’s ThreatLabs team. At the time, its researchers were investigating a new campaign that uses the Anatsa banking trojan (also known as TeaBot) to target Android phones.

In addition to taking screenshots, intercepting and reading text messages, keylogging and device takeover, Anatsa is also able to impersonate banking and finance apps by using overlay attacks. Just last year, the trojan was able to impersonate over 600 popular apps. Now though, that number has jumped to 831 banking and finance apps according to Zscaler’s new report.

Here’s everything you need to know about this new malware campaign including some tricks and tips to help you keep your Android phone virus-free and safe from hackers.

Hiding in plain view

[Image: an example of a malicious app found on the Google Play Store by Zscaler's ThreatLabs security researchers (Image credit: Zscaler/Tom's Guide)]

The reason malicious apps can be quite difficult to spot is that they often pose as seemingly harmless ones on both official and unofficial app stores. For instance, cybercriminals might create a PDF reader, flashlight or some other type of utility, trick people into downloading it using fake reviews or even fake ads and then infect their device with malware.

In Anatsa’s case, the banking trojan uses decoy apps that appear to be legitimate at first glance. However, once one of these decoy apps is installed, it downloads a malicious payload disguised as an app update, and that payload is what actually contains the Anatsa banking trojan. Even though apps on the Google Play Store go through security checks at submission time, just like on Apple’s App Store, this approach lets the bad apps avoid detection: the version that was reviewed is clean, and the app only becomes malicious after it has been downloaded, installed and updated.

Once one of these malicious apps is updated and opened, Anatsa scans the apps on a victim’s phone to see which banking and finance apps they use. If one of the apps the trojan can impersonate is installed on the victim’s phone, it places a fake login screen over the real app whenever that app is launched. If you opened the app for your bank and saw that you had to log in again before checking your account, you wouldn’t think twice about it, right? Well, in this case, instead of logging in, you’re actually handing your username and password to the hackers behind this campaign, who can then drain your accounts.

In addition to the Anatsa banking trojan, Zscaler’s researchers also found other malware strains being distributed by the malicious apps. As BleepingComputer points out, the Joker malware was the most common and was found in a quarter of these malicious apps.

Just like with Anatsa, the Joker malware is able to take screenshots and access device information. However, it can also read and send text messages, steal a victim’s contacts from their phone and even sign up for premium subscription services. Likewise, the Joker variant Harly was also found in these malicious apps among other malware strains.

How to stay safe from Android malware


Normally with malware, I’d recommend not opening links or downloading attachments in emails from unknown senders or downloading new apps from suspicious sites online. However, in this situation, things are a little more tricky since all of these 77 malicious apps were available to download right on the Google Play Store.

For this reason, I always recommend that people limit the number of apps they have installed. This makes it easier to find out if you accidentally downloaded a malicious one. Keep in mind, though, that even good apps can go bad when they are injected with malicious code, which is exactly how the Anatsa banking trojan is distributed via fake app updates.

Before downloading any new app, you want to carefully check its review score and ratings. However, since these can be faked, it’s always a good idea to look for external reviews on other sites and especially video reviews since they show you how the app in question works. It’s best to stick to well-known developers with trusted track records but before you download any app, you should first ask yourself if another one of your pre-installed apps or even your mobile operating system can accomplish the same thing. If so, skip the app.

To stay safe from Android malware, you want to make sure that Google Play Protect is enabled on your smartphone. This free, pre-installed app scans all of your existing apps, and any new ones you download, for malware. So if you accidentally install one of the decoy apps used in this campaign, it should be flagged as dangerous once the Anatsa payload is downloaded after an update. For additional protection, you might want to consider running one of the best Android antivirus apps alongside it, and to help you recover funds lost to malicious apps or other malware, the best identity theft protection might be worth investing in too.
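The overlay trick described earlier only works if the malicious app can draw over other apps or run as an enabled accessibility service, and the article's advice to periodically check your existing apps is easier to follow with a script than by scrolling through Settings. The example below is added here and is not code from Tom's Guide or from Zscaler's report. It parses the output of two stock Android commands, `adb shell pm list packages -3 -i` (third-party packages with their installer) and `adb shell settings get secure enabled_accessibility_services`, and flags apps that were not installed by the Play Store or that have an accessibility service switched on. The line formats assumed are those of current Android builds; the sample text and every package name in it are constructed for the demo.

```python
"""Triage a phone's third-party apps from adb output (added example, not from the article).

Assumed command output formats (hypothetical sample data below):
  adb shell pm list packages -3 -i
      -> one line per app: "package:<pkg>  installer=<installer pkg or null>"
  adb shell settings get secure enabled_accessibility_services
      -> colon-separated ComponentName strings "<pkg>/<service>", or "null" if none
"""
import re
from typing import Dict, List, Set

PLAY_STORE = "com.android.vending"  # installer package name of the Google Play Store

# Constructed sample of `pm list packages -3 -i` output; all package names are made up.
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.pdfviewer  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.cleaner  installer=com.example.sideloader
"""

# Constructed sample of the enabled_accessibility_services setting.
SAMPLE_A11Y = (
    "com.example.pdfviewer/com.example.pdfviewer.OverlayService:"
    "com.example.screenreader/.ReaderService"
)

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_packages(text: str) -> Dict[str, str]:
    """Map each third-party package name to its installer ("null" = unknown/sideloaded)."""
    pkgs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkgs[m.group(1)] = m.group(2)
    return pkgs


def parse_accessibility(setting: str) -> Set[str]:
    """Return the packages that currently have an accessibility service enabled."""
    if not setting or setting.strip() == "null":
        return set()
    # Each entry is "<package>/<service class>"; only the package part matters here.
    return {entry.split("/", 1)[0] for entry in setting.strip().split(":") if entry}


def triage(packages: Dict[str, str], a11y_pkgs: Set[str]) -> List[str]:
    """One finding per app that is sideloaded and/or has accessibility access.

    Note: a Play-installed app that turned malicious after an update (the Anatsa
    pattern) passes the installer check; only the accessibility check can surface it.
    """
    findings: List[str] = []
    for pkg, installer in sorted(packages.items()):
        reasons = []
        if installer != PLAY_STORE:
            reasons.append(f"not installed by the Play Store (installer={installer})")
        if pkg in a11y_pkgs:
            reasons.append("has an enabled accessibility service")
        if reasons:
            findings.append(f"{pkg}: " + "; ".join(reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_packages(SAMPLE_PACKAGES), parse_accessibility(SAMPLE_A11Y)):
        print(finding)
```

On a real device, replace the two sample strings with the output of the adb commands named in the docstring. An app with an accessibility service enabled is not automatically malicious (screen readers need it), but a PDF reader or flashlight that has one is exactly the kind of app the article says to be suspicious of, and is worth uninstalling if you cannot explain why it needs that access.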

Malicious apps provide hackers with an easy entry point into your phone as well as your digital life, so they’re not going to go away anytime soon despite Google and Apple’s best efforts. That’s why you need to be careful when installing new apps and periodically check your existing apps to make sure that nothing is amiss.


Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
