Banking-Trojan-Install-Play-Store-Android-Google-Threat-FabricBanking-Trojan-Install-Play-Store-Android-Google-Threat-FabricImage: Threat Fabric
 

When security breaches happen on Android, Google often points to non-official outlets for causing them. For example, the recent report of 190 malware-infested apps found on Huawei’s App Gallery. However, Google’s own services also have issues with malware. Notably, 300,000 trojans found on the Google Play Store in the last few months.

Threat actors have been able to bypass Google’s restrictions to prevent malware apps. In doing so, the attackers could install over 300,000 banking trojans over a four month period.

According to the cybersecurity research team at Threat Fabric, the attack groups have found a way to use Google Play to push their malware. Essentially, they decrease the footprint of their trojan dropping apps, which reduces the number of permissions they require from Google.

Advertisement

“To make themselves even more difficult to detect, the actors behind these dropper apps only manually activate the installation of the banking trojan on an infected device in case they desire more victims in a specific region of the world,” the Threat Fabric researchers point out. “This makes automated detection a much harder strategy to adopt by any organization.”

Each of the 300,000 banking trojans came from a quartet of malware groups. Anatsa accounted for over 200,000 dropper installations, Alien took over 95,000, and Hydra and Ermac claimed over 15,000 each.

Recent Huawei Android Discovery

Earlier this month we reported on over 190 apps on Huawei’s forked Android store carried malware and were installed over 9 million times. Malware was included in games and designed to as adware to steal user information to target ads towards them.

Researchers call the new trojan being used Android.Cynos.7.origin. As the name suggests, it is a modification to the Cynos malware. This is a well-known module that has been seen before infecting Android apps.

Once a game is downloaded, it will ask the user for permission to take control of phone calls. “That allows the trojan to gain access to certain data,” Doctor Web says. Once given permission, the trojan infiltrates the device and takes information such as phone number and location data.

Android automated testing could have prevented the malware-carrying apps from being present in the first place.

Tip of the day: File History is a Windows back up feature that saves each version of files in the Documents, Pictures, Videos, Desktop, and Offline OneDrive folders. Though its name implies a primary focus on version control, you can actually use it as a fully-fledged backup tool for your important documents.

Advertisement