Despite what an app store may tell you, there’s no such thing as a free app. You’re either paying by seeing ads or in this case, having a banking trojan dropped on your Android smartphone.
As reported by BleepingComputer, a new set of malicious apps with over 150,000 downloads combined have been discovered on the Google Play Store spreading the Anatsa banking trojan.
It’s worth noting that at the moment, only users of the best Android phones in the UK, Germany, Spain, Slovakia, Slovenia and the Czech Republic have been targeted in this new campaign. However, that could change if the cybercriminals behind it decide to expand their operations to the U.S. or Canada.
What sets these malicious apps apart though is that they weren't bad from the start. Instead, their creators waited a full week before introducing malicious code into the apps. Here’s everything you need to know about this new set of malicious apps along with how to protect your smartphone from Android malware.
Delete these apps right now
All of the apps listed below have since been removed from the Play Store. However, if you have any of them installed on your smartphone, you will need to manually delete them. Here are the apps you’re going to want to remove immediately:
- Phone Cleaner - File Explorer
- PDF Viewer - File Explorer
- PDF Reader - Viewer & Editor
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
Once one of these malicious apps have been taken down, the hackers behind this campaign could try and launch a similar app. This is why you always need to be careful when downloading free apps on any app store. Likewise, while the apps listed above have been removed from the Play Store, they could still be available to sideload as APK files online.
When innocent-looking apps go bad
If you look through this list of malicious apps, you’ll notice that they all have one thing in common: these apps are either PDF viewers or fake cleaning apps that say they can free up space by deleting unnecessary files on your phone.
Of these apps, “PDF Reader: File Manager” had the most downloads at 100,000 while “Phone Cleaner - File Explorer” was downloaded over 10,000 times. To increase the number of downloads each of these malicious apps received, the cybercriminals designed them in such a way that they would be popular enough to reach the “Top New Free” categories on the Play Store.
According to ThreatFabric’s report on the matter, these malicious apps used a multi-staged approach to avoid detection. Instead of being malicious from the start which would increase their likelihood of getting flagged by Google, the apps in question didn’t contain any malicious code whatsoever when they were uploaded to the Play Store. Instead, the malware dropper component was added to these apps one week after being downloaded through an update.
Like other malicious apps, these ones abuse Android’s Accessibility Service to gain additional control over a targeted device. For instance, the cleaning apps on this list claim they need permission to access this service to “hibernate battery-draining apps." This is the kind of permission that someone looking for a phone cleaning app wouldn’t think twice about.
Once installed on an Android smartphone, the Anatsa banking trojan can gain full control over the device as well as execute actions on a victim’s behalf. The trojan can steal passwords and login data, log keystrokes and capture anything displayed on a smartphone’s screen. These capabilities make it ideal for cybercriminals looking to commit fraud as they drain a victim’s bank accounts and other financial apps.
How to stay safe from Android malware
When it comes to protecting yourself and your devices from Android malware, the first thing you’re going to want to do is to limit the apps on your smartphone. Before downloading any new app, you should ask yourself if you really need it and whether or not a stock Android app offers the same functionality. For instance, instead of downloading a PDF reader or viewer, you can just use Google Drive to do the same thing.
If you do decide to download a free app, make sure to check both its rating and reviews on the Play Store. When an app is malicious but hasn’t been taken down yet, users often point out that the app is bad in its reviews. However, you do need to keep in mind that app reviews can be faked. This is why it’s always a good idea to look for external reviews and video reviews can be really helpful too, since you can see the app in question in action.
To stay safe from Android malware, you’re going to want to ensure that Google Play Protect is enabled on your devices. This free app comes pre-installed on most Android smartphones and sometimes, it’s just a matter of making sure it's enabled. Google Play Protect scans all of your existing apps and any new ones you download for malware. For extra protection though, you may also want to consider using one of the best Android antivirus apps alongside it.
Hackers and other cybercriminals will likely keep trying to get their bad apps onto the Play Store as fast as Google can remove them. For this reason, it’s up to you to remain vigilant and be extra careful when installing any new app on your Android smartphone.
More from Tom's Guide
