Hackers Tricked 300000 Android Users

Yes, you read that right: hackers tricked 300,000 Android users into downloading password-stealing malware. In this post we highlight how to stay safe while downloading apps and browsing the internet on your Android phone.

The news about this latest breach came to light in a recent report from cybersecurity firm ThreatFabric. They revealed that over 300,000 Android users installed trojan apps that secretly stole their banking information. The apps have been removed from the Play Store, but it’s the methods used that we are interested in.

According to the report by ThreatFabric, the malicious apps included QR scanners, PDF scanners, fitness trackers, and crypto apps. Unlike other fake apps that falsely advertise their features, many of the apps in this batch of malicious Android software worked properly to gain user trust.

The researchers broke the apps into four separate “families” based on the specific malware used:

  • Anatsa: The largest of the four malware families, with over 200,000 combined downloads, used a banking trojan called Anatsa. The trojan uses Android’s screen capture accessibility features to steal login information and other personal data.
  • Alien: The second-most downloaded trojan was Alien, installed on over 95,000 devices. Alien intercepts two-factor authentication (2FA) codes, which hackers can then use to log into a user’s bank account.
  • Hydra and Ermac: The last two families used the Hydra and Ermac malware, both of which are linked to the Brunhilda cybercriminal group. The group used the malware to remotely access a user’s device and steal banking information. ThreatFabric’s report says apps using Hydra and Ermac racked up a combined 15,000+ downloads.

How to protect yourself

Normally, the Play Store will catch and remove apps with suspicious code. In these instances, however, the malware didn’t ship in the initial download, but was instead added in an update that users had to install to keep running the apps.

Using this method, developers can submit their apps without tripping Google’s detection. And since the apps work as intended, it’s unlikely that users will notice anything amiss. The trouble starts when these malicious apps ask for extra access and privileges.

But don’t worry because there are a few things that you can do to keep your devices and data safe from similar malware apps. First, always pay attention to the permissions an app asks for. And not just the first time it’s installed, but whenever you use it.

Delete and report the app if anything it does seems suspicious or unnecessary. For example, there’s no reason a QR code scanner needs access to your accessibility services.
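For readers who review apps more formally, the "watch what changes after an update" advice can be turned into a check. The script below is an added example, not code from ThreatFabric or from the apps in the report: it compares an app's decoded AndroidManifest.xml before and after an update and lists newly added sensitive capabilities. The two manifests, the package name and the watch-list are constructed assumptions, and it assumes the manifests have already been decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed watch-list for this example; extend it for your own reviews.
SENSITIVE = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service (can read the screen)",
    "android.permission.RECEIVE_SMS": "receives SMS (where 2FA codes may arrive)",
    "android.permission.READ_SMS": "reads SMS (where 2FA codes may arrive)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can prompt to install further packages",
}

def sensitive_capabilities(manifest_xml):
    """Return the watch-listed permissions a decoded manifest requests or binds."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for el in root.iter("uses-permission"):
        found.add(el.get(ANDROID_NS + "name"))
    # Accessibility services are declared as <service android:permission="...">,
    # not as <uses-permission>, so services are checked separately.
    for el in root.iter("service"):
        found.add(el.get(ANDROID_NS + "permission"))
    return found & set(SENSITIVE)

def added_by_update(old_manifest, new_manifest):
    """Sensitive capabilities present after the update but not before, sorted."""
    return sorted(sensitive_capabilities(new_manifest) - sensitive_capabilities(old_manifest))

# Constructed sample: a QR scanner as first published...
V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

# ...and the same app after an update that asks for far more than a scanner needs.
V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm in added_by_update(V1, V2):
        print("new in update:", perm, "-", SENSITIVE[perm])
```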
