Just when we thought the Google Play Store's security mechanisms were coming to grips with notorious hackers, a major malware campaign that went unnoticed has put the store in the firing line again. It has been going on since August 2021 and has now surfaced, to everyone's surprise. We are talking about a group of four Android banking trojans, named Anatsa, Alien, Hydra, and Ermac, that were introduced into the Google Play Store with the modus operandi of bypassing its stringent restrictions and automatic detection.
Unsuspecting users had no clue that the apps they were downloading from Google Play put their sensitive information at risk. The breach was detected by the fraud prevention experts at ThreatFabric, who ultimately busted the scam.
The malware droppers (as the firm calls them) were tactically placed in common apps such as PDF scanners, QR code scanners, cryptocurrency apps, authenticator apps, security apps, and self-help apps. Astoundingly, the apps were downloaded more than 31,000 times over this period.
Interestingly, not all users who downloaded the affected apps were directly in harm's way, as the intended targets were in specific regions and were tracked manually by the hackers. The victims were then pushed a notification to update the app, and that update delivered the payload.
If the user ignores the warning that downloading content from a source outside of the Google Play Store is dangerous, the hackers achieve their purpose. The disguised app then asks for more permissions so that it can take control of the device remotely and steal credentials.
The droppers were not detected by Google Play Store security for two reasons. The first is their reduced footprint: they do not initially ask for permissions like Accessibility Service. The second is that the apps behave normally at first, which prompts users to leave good reviews on the Google Play Store.
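The two-stage pattern described above (a store app that later pulls in an update from outside Google Play, which then asks for Accessibility Service) can be checked for on a managed device. The following is an added example, not code from ThreatFabric or from this article: the inventory format and package names are constructed, while the two permission strings and the Play Store installer name are standard Android identifiers.

```python
# Added example: triage an app inventory for the dropper pattern described above.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed inventory of user-installed apps; package names are hypothetical.
INVENTORY = [
    {"package": "com.example.qrscanner", "installer": PLAY_STORE,
     "requested": ["android.permission.CAMERA", INSTALL_PERM], "service_perms": []},
    {"package": "com.example.qrscanner.update", "installer": "com.example.qrscanner",
     "requested": ["android.permission.INTERNET"], "service_perms": [A11Y_PERM]},
    {"package": "com.example.screenreader", "installer": PLAY_STORE,
     "requested": [], "service_perms": [A11Y_PERM]},
    {"package": "com.example.notes", "installer": PLAY_STORE,
     "requested": ["android.permission.INTERNET"], "service_perms": []},
]


def triage(inventory):
    """Return {package: [reasons]} for apps matching the dropper/payload pattern."""
    by_pkg = {app["package"]: app for app in inventory}
    findings = {}

    def flag(pkg, reason):
        findings.setdefault(pkg, []).append(reason)

    for app in inventory:
        from_store = app["installer"] == PLAY_STORE
        # Stage 1: a store app that is able to install further packages itself.
        if from_store and INSTALL_PERM in app["requested"]:
            flag(app["package"], "store app that can install other packages")
        # Stage 2: a package from outside the store declaring an accessibility service.
        if not from_store and A11Y_PERM in app["service_perms"]:
            flag(app["package"], "sideloaded app declaring an accessibility service")
            parent = by_pkg.get(app["installer"])
            if parent is not None and parent["installer"] == PLAY_STORE:
                flag(parent["package"], "installed a sideloaded accessibility app")
    return findings


if __name__ == "__main__":
    for pkg, reasons in triage(INVENTORY).items():
        print(pkg, "->", "; ".join(reasons))
```

These flags are triage signals rather than verdicts: legitimate apps such as alternative app stores also request the install permission, and the store-installed screen reader in the sample is deliberately left unflagged.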
For now, to stay safe, it is advised to uninstall any suspected apps and not to click on any suspicious notification messages. To learn more about all the affected apps and double-check whether any of them is installed on your phone, head over to ThreatFabric right away.