Malware authors keep reinventing their methods in an attempt to trap their victims.

Ever-tighter restrictions and protections are forcing hackers to find new ways.

ThreatFabric researchers have unveiled a list of malicious apps that were downloaded from the Google Play Store more than 300,000 times before the malware became active.

The applications came in the form of QR code scanners, PDF scanners or even cryptocurrency wallets.

Cybercriminals have used several methods to bypass Google's restrictions in order to infect users without being detected.

Gain user trust

At first, the applications carried no malicious payload.

They let users get used to them.

"What makes these Play Store malware campaigns very difficult to detect is that the apps all have a very low malicious footprint," ThreatFabric researchers explain.

Once they got used to the software, users would receive a message asking them to download updates from a source external to the Google Play Store.

"This incredible focus on avoiding unwanted attention makes automated malware detection less reliable," says ThreatFabric.

Four families of malware have been discovered by researchers in these applications: Alien, Hydra, Ermac and Anatsa.

The most common family was the Anatsa malware.

It is an advanced Android banking Trojan with many capabilities, such as remote access to systems and automatically transferring money from victims' accounts to hackers' accounts.

Handpicked victims

In order to make their software as undetectable as possible, the people responsible for distributing this malware have taken the time to post a large number of positive reviews and install the software on a large number of phones.

In addition, the applications really do provide the features they claim to have.

The victim therefore notices nothing.

Finally, the hackers did not send the bogus updates to all users.

"The actors have tried to target only the regions that interest them," the researchers explain.

"If all the conditions are met, the payload will be downloaded and installed."

As the researchers explain, it is difficult to differentiate these malicious apps from legitimate ones.

To avoid unpleasant surprises, it is best not to install an application with a low number of users.

Finally, installing applications or updates from sources external to the Play Store is strongly discouraged.
