- Zscaler ThreatLabz found 77 malicious applications in the Play Store
- They were downloaded more than 19 million times and carried different malware
- The most frequent variant was Joker
Security researchers have discovered 77 applications in the Google Play store serving all kinds of malware to users.
Cumulatively, the applications were downloaded 19 million times, according to Zscaler ThreatLabz, which discovered the large campaign after investigating an infection by a popular Android trojan called Anatsa (or TeaBot).
In the investigation, the researchers determined that the largest share of the applications, 25%, were used to deliver Joker, a piece of malware that can send text messages, capture screenshots, make phone calls, steal contact lists, subscribe users to premium services and more.
How to stay safe
In addition to Joker, the researchers also saw a variant called Harly, various adware, and Anatsa, a dangerous banking trojan that can now steal login credentials and other confidential information from more than 800 banking and cryptocurrency applications. Anatsa also seems to have widened its scope, now also targeting victims in Germany and South Korea.
Most of the malicious applications were described as “maskware”: on the surface they work as advertised, but underneath they can steal login credentials, confidential data and more.
In general, security researchers advise everyone to download applications only from reputable sources.
However, with the Google Play store being one of those reputable sources, it is obvious that this advice alone is not enough to stay safe.
Users should also ensure that Play Protect, Android's built-in security system that scans Play Store applications and the device for malware, harmful behavior or suspicious activity, is enabled.
In addition, users should review each application before downloading it, checking the overall rating, the number of downloads and the reviews. Looking through the reviews should be sufficient to determine whether an application is a potential problem or not.
Finally, users should pay attention to the permissions that newly installed applications request. Most of the time, malicious applications will request accessibility permissions, and that can serve as a reliable red flag.
Via BleepingComputer
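The accessibility red flag described above can be checked on a device over adb. The following is an added example, not code from Zscaler or the original report: it lists user-installed packages that currently have an accessibility service enabled. The package names and sample output are constructed, and the live check assumes adb is installed with USB debugging enabled.

```python
import subprocess

# Constructed sample output, in the format the two adb commands below return.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.docreader/com.example.docreader.HelperService")
SAMPLE_THIRD_PARTY = "package:com.example.docreader\npackage:com.example.notes\n"


def parse_a11y_services(raw):
    """Return (package, service_class) pairs from the colon-separated setting value."""
    raw = raw.strip()
    if raw in ("", "null"):  # the setting is empty or unset when no service is enabled
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, cls = component.partition("/")
        if package:
            pairs.append((package, cls))
    return pairs


def parse_packages(raw):
    """Return package names from 'pm list packages' output (lines 'package:<name>')."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}


def flag_user_apps_with_a11y(a11y_raw, third_party_raw):
    """User-installed packages that currently have an accessibility service enabled."""
    user_apps = parse_packages(third_party_raw)
    return sorted({pkg for pkg, _ in parse_a11y_services(a11y_raw) if pkg in user_apps})


def adb_shell(*args):
    """Run one command on the connected device (requires adb and USB debugging)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    print("sample:", flag_user_apps_with_a11y(SAMPLE_A11Y, SAMPLE_THIRD_PARTY))
    try:
        live = flag_user_apps_with_a11y(
            adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
            adb_shell("pm", "list", "packages", "-3"))
        print("device:", live)
    except (OSError, subprocess.CalledProcessError) as exc:
        print("no device checked:", exc)
```

A flagged package is not necessarily malicious; it is a prompt to confirm that the app has a genuine need for accessibility access.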