Date: 2021-11-30
These Android apps have a banking trojan
The Android app store is a safe place, packed with malware detection and verification methods meant to prevent incidents like the one we’re talking about today. However, Google’s security systems cannot hunt down every malicious application, and sooner or later some of them end up bypassing the Play Store’s defenses.
Given the strong measures that have been implemented in recent years, hackers have opted for covert techniques that don’t attract attention, staying as stealthy as possible before “hitting us” and running away with the loot.
A dozen apps with more than 300,000 installations found downloading a banking Trojan
ThreatFabric researchers have just published a study reporting the discovery of a series of applications that accumulated more than 300,000 downloads on Google Play before being identified as banking malware that stole users’ passwords and two-step authentication codes, recorded keyboard use and took screenshots.
The apps were presented as QR scanners, PDF scanners and cryptocurrency wallets, and they belonged to 4 different malware families that were distributed over the last 4 months. The applications were initially completely benign and worked normally, but before long users received a message indicating that an update was available for the application.
This is when the Trojans were downloaded, once the user already trusted the application and did not consider it a threat. For this same reason, the virus detection tools did not detect anything either, obtaining a score of 9 out of 10 on analysis platforms such as VirusTotal.
One of the Trojans detected belongs to the Anatsa family, an advanced banking Trojan for Android systems which, among other things, is capable of remotely controlling the user’s device and activating automatic bank transfer systems to empty the accounts of its victims.
The rest of the malware detected belonged to the Alien, Hydra and Ermac families, with personalized infection systems for each device model, which made them very difficult for conventional security systems to detect.
If you have any of these apps, delete it right away from your Android
Below, we list the names of the malicious apps. It goes without saying that if we have any of them on our device we must uninstall them as soon as possible. Some of them use generic names, so if we have any doubts it is advisable to check the package name for a correct identification.
| Name | Package | SHA-256 hash |
|---|---|---|
| Two Factor Authenticator | com.flowdivison | a3bd136f14cc38d6647020b2632bc35f21fc643c0d3741caaf92f48df0fc6997 |
| Protection Guard | com.protectionguard.app | d3dc4e22611ed20d700b6dd292ffddbc595c42453f18879f2ae4693a4d4d925a |
| QR CreatorScanner | com.ready.qrscanner.mix | ed537f8686824595cb3ae45f0e659437b3ae96c0a04203482d80a3e51dd915ab |
| Master Scanner Live | com.multifuction.combine.qr | 7aa60296b771bdf6f2b52ad62ffd2176dc66cb38b4e6d2b658496a6754650ad4 |
| QR Scanner 2021 | com.qr.code.generate | 2db34aa26b1ca5b3619a0cf26d166ae9e85a98babf1bc41f784389ccc6f54afb |
| QR Scanner | com.qr.barqr.scangen | d4e9a95719e4b4748dba1338fdc5e4c7622b029bbcd9aac8a1caec30b5508db4 |
| PDF Document Scanner – Scan to PDF | com.xaviermuches.docscannerpro2 | 2080061fe7f219fa0ed6e4c765a12a5bc2075d18482fa8cf27f7a090deca54c5 |
| PDF Document Scanner | com.docscanverifier.mobile | 974eb933d687a9dd3539b97821a6a777a8e5b4d65e1f32092d5ae30991d4b544 |
| PDF Document Scanner Free | com.doscanner.mobile | 16c3123574523a3f1fb24bbe6748e957afff21bef0e05cdb3b3e601a753b8f9d |
| CryptoTracker | cryptolistapp.app.com.cryptotracker | 1aafe8407e52dc4a27ea800577d0eae3d389cb61af54e0d69b89639115d5273c |
| Gym and Fitness Trainer | com.gym.trainer.jeux | 30ee6f4ea71958c2b8d3c98a73408979f8179159acccc01b6fd53ccb20579b6b |
| Gym and Fitness Trainer | com.gym.trainer.jeux | b3c408eafe73cad0bb989135169a8314aae656357501683678eff9be9bcc618f |
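The package-name check recommended above can be automated against the output of `adb shell pm list packages -f`; the following is an added example, not code from the original article or from ThreatFabric. The sample output is constructed, the function names are hypothetical, and `known_hashes` is assumed to be filled in from the table's SHA-256 column.

```python
import hashlib

# Package names copied from the table on this page.
FLAGGED_PACKAGES = frozenset({
    "com.flowdivison", "com.protectionguard.app", "com.ready.qrscanner.mix",
    "com.multifuction.combine.qr", "com.qr.code.generate", "com.qr.barqr.scangen",
    "com.xaviermuches.docscannerpro2", "com.docscanverifier.mobile",
    "com.doscanner.mobile", "cryptolistapp.app.com.cryptotracker",
    "com.gym.trainer.jeux",
})


def parse_pm_list(output):
    """Map package name -> APK path (or None) from `pm list packages [-f]` output."""
    installed = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and adb warnings
        entry = line[len("package:"):]
        # With -f the entry is "<apk path>=<package>"; the path itself can
        # contain "=" (e.g. "~~Xy12==" directories), so split on the last one.
        path, sep, name = entry.rpartition("=")
        installed[name] = path if sep else None
    return installed


def find_flagged(output, flagged=FLAGGED_PACKAGES):
    """Return sorted (package, apk_path) pairs whose exact name is on the list."""
    installed = parse_pm_list(output)
    return sorted((pkg, installed[pkg]) for pkg in installed.keys() & flagged)


def apk_matches(apk_file, known_hashes):
    """True if the SHA-256 of a pulled APK is one of the hex digests given."""
    digest = hashlib.sha256()
    with open(apk_file, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() in {h.lower() for h in known_hashes}


# Constructed sample output (not from a real device).
SAMPLE = """\
package:/data/app/~~Qm9ndXM==/com.qr.code.generate-aGVsbG8==/base.apk=com.qr.code.generate
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:com.qr.code.generator.pro
package:com.gym.trainer.jeux
"""
```

Matching is on the exact package name, so the lookalike `com.qr.code.generator.pro` in the sample is not reported; a name hit can then be confirmed by pulling the APK and passing it to `apk_matches`.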
Today the applications have already been removed from the Play Store.