Computer viruses and hackers keep renewing themselves in an attempt to catch their victim. Stronger restrictions and protections force hackers to find new ways. ThreatFabric researchers have uncovered a list of malicious apps that were downloaded from the Google Play Store more than 300,000 times before the viruses became active.
The apps came in the form of QR code scanners, PDF scanners, or even cryptocurrency wallets. Cybercriminals have used several methods to bypass Google restrictions in order to infect users undetected.
Gain user trust
Initially, the apps did not have a viral payload. It allows users to get used to using it. ThreatFabric researchers explain that “What makes Play Store malware campaigns so difficult to detect is that all apps have a very low malicious footprint.”
Once they get used to the software, users will receive a message asking them to download updates from an external source to the Google Play Store. “This incredible focus on avoiding unwanted attention makes automated malware detection less reliable,” says ThreatFabric.
The researchers discovered four families of malware in these apps: Alien, Hydra, Ermac, and Anatsa. The most common family was the Anatsa malware. An advanced Android banking Trojan that has many capabilities, such as remote access to systems and is able to automatically transfer funds from victims’ accounts to hackers’ accounts.
Chosen victims
In order to make their software as undetectable as possible, the people responsible for distributing this malware took time to post a large number of positive reviews and install the software on a large number of phones. In addition, the applications contain the functionality that they claim to have. So the victim is not aware of anything.
Finally, hackers did not send fake updates to all users. “The actors tried to target only the areas of interest to them,” the researchers explained. “If all conditions are met, the payload will be downloaded and installed.”
As the researchers explained, it is difficult to distinguish these malicious apps from legitimate apps. To avoid unpleasant surprises, it is better not to install an application with a small number of users. Finally, it is not particularly recommended to install apps or updates from external sources for the Play Store.
