Date: 2022-06-17

A new malware hidden in Google Play is capable of stealing bank details, passwords and even your money. Be careful if you have installed this app.

While we are still recovering from the blow caused by the appearance of nearly 20 apps with malware in the Google Play Store, we have to talk about a new threat aimed at Android users.

On this occasion, we are talking about a Trojan found in an application with thousands of downloads on Google Play, discovered by cybersecurity experts at Cyble. After analyzing it, they determined that the Trojan is capable of obtaining sensitive data, including phone numbers, passwords, one-time codes or bank credentials.

A banking Trojan hidden in a file manager for Android

In their analysis, the cybersecurity experts discovered that the Trojan hidden in Document Manager is a Hydra variant, malware already known to Android users, which has been a serious threat to the platform for years.

Researchers have defined the malware as a “hostile downloader” because, once the infected app is installed on the victim’s device, it tricks the user with a fake update notice and requests advanced permissions to be able to download and install apps from sources outside of Google Play.

Of course, the attackers take advantage of that permission to install the malicious app on the device and then request advanced accessibility permissions. If these are granted, the Trojan can roam freely and carry out its final task.

With over 10,000 downloads in a couple of weeks, the infected application, called DocumentManager, enjoyed great popularity from the moment of its publication on the Play Store. During that time, it could have infected a significant number of users around the world.

And what happens when it infects a device? Like all Trojans, “Hydra” goes to great lengths to go unnoticed on the victims’ devices. Its operation therefore takes place behind the user’s back, carrying out actions such as collecting contacts and SMS, stealing cookies, installing cryptocurrency apps, stealing passwords and one-time keys, and more. If they manage to obtain this type of key, the attackers could access banking applications using the victims’ credentials and steal money.

In addition, by abusing Android accessibility services, the Trojan was able to prevent the user from removing the app.
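The chain described above (a downloader that asks to install apps from outside Google Play, then a payload that asks for accessibility access and reads SMS and contacts) leaves traces in each app's manifest. The following triage script is an added example, not taken from Cyble's analysis or the original article; the manifests are constructed, the package names are hypothetical, and it assumes the manifest has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
XMLNS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed manifests (hypothetical packages), already decoded to text XML.
DROPPER = f"""<manifest {XMLNS} package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""
PAYLOAD = f"""<manifest {XMLNS} package="com.example.payload">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Behaviour named in the article -> permissions that enable it.
SIGNALS = {
    "sideload": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
}
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def findings(manifest_xml):
    """Return the sorted list of risky capabilities the manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    found = {name for name, perms in SIGNALS.items() if requested & perms}
    # An accessibility service is declared on <service>, not <uses-permission>.
    if any(s.get(NS + "permission") == A11Y for s in root.iter("service")):
        found.add("accessibility")
    return sorted(found)

def classify(manifest_xml):
    """Heuristic label only: legitimate apps can match, so treat as a lead."""
    found = set(findings(manifest_xml))
    if "accessibility" in found and found & {"sms", "contacts"}:
        return "payload-like"
    if "sideload" in found:
        return "dropper-like"
    return "no-match"

if __name__ == "__main__":
    for m in (DROPPER, PAYLOAD):
        print(findings(m), classify(m))
```
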

Cyble shares some recommendations to follow if we suspect that our phone is affected by a similar threat, including frequently reviewing data usage by installed apps, or taking into account the alerts offered by the operating system and its different protection methods.


And if you find a malware infection of this type, it is recommended to disconnect the device from the network and remove the SIM card, in addition to formatting the phone to eliminate any trace of the malicious app. However, as we have seen before, sometimes not even formatting the phone is enough to eliminate certain types of viruses.

