- Meta ads and an SMS campaign drive traffic to hundreds of fake Play Store pages
- There, victims download fake applications that carry the PlayPraetor malware
- The malware can log keystrokes, steal credentials and monitor the clipboard
More than 11,000 Android devices were recently infected with a new variant of the PlayPraetor Remote Access Trojan (RAT).
That is according to cybersecurity researchers at Cleafy, who said there is an ongoing, aggressive campaign to distribute the malware to as many devices as possible. So far, the RAT has been generating more than 2,000 new infections every week, mainly targeting devices in Portugal, Spain, France, Morocco, Peru and Hong Kong.
PlayPraetor is apparently a piece of Chinese malware, The Hacker News reports. Citing previous investigations, the publication states that there are “thousands” of fake Google Play Store download pages, promoted through Meta ads and SMS messages in an attempt to reach as large an audience as possible. So far, researchers have seen five different variants of PlayPraetor, including one called Phantom and one called Phish.
Hundreds of counterfeit applications
Those who end up installing the malware can expect to lose their bank credentials, have their clipboard monitored and have their keystrokes logged. At this time, PlayPraetor can impersonate more than 200 banking applications and cryptocurrency wallets, since it displays an overlay that steals login credentials.
In addition to pretending to be real applications, the malware is also distributed through fake progressive web applications (PWAs), as well as WebView-based applications. The latter was observed in the Phish variant, while Phantom, for example, exploits accessibility services to obtain persistent access.
This variant also gives attackers the ability to perform on-device fraud and is apparently operated by two affiliates that control almost two thirds of the botnet (around 4,500 endpoints).
To defend against such attacks, the best course of action is to be careful when downloading applications and to install only those that appear in official repositories such as the Play Store. Even there, users should only opt for applications developed by well-established brands, which have thousands of downloads and positive reviews.
Via The Hacker News