Google Play apps downloaded 300,000 times stole bank credentials

 In bank fraud, Biz & IT, google play, malware

Google Play apps downloaded 300,000 times stole bank credentials

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Google Play apps downloaded 300,000 times stole bank credentials

Enlarge (credit: Getty Images)

Researchers said they’ve discovered a batch of apps downloaded from Google Play more than 300,000 times before the apps were revealed to be banking trojans that surreptitiously siphoned user passwords and two-factor authentication codes, logged keystrokes, and took screenshots.

The apps—posing as QR scanners, PDF scanners, and cryptocurrency wallets—belonged to four separate Android malware families that were distributed over four months. They used several tricks to sidestep restrictions that Google has devised in an attempt to rein in the unending distribution of fraudulent apps in its official marketplace. Those limitations include restricting the use of accessibility services for sight-impaired users to prevent the automatic installation of apps without user consent.

Small footprint

“What makes these Google Play distribution campaigns very difficult to detect from an automation (sandbox) and machine learning perspective is that dropper apps all have a very small malicious footprint,” researchers from mobile security company ThreatFabric wrote in a post. “This small footprint is a (direct) consequence of the permission restrictions enforced by Google Play.”

Read 12 remaining paragraphs | Comments

Crooks find new ways to prevent Google from detecting malicious packages.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt