The banking details of some Android users are being stolen by malicious apps. The Google Play Store reports that these apps have been downloaded over three million times.
These apps contain Trojan horses that steal the user’s banking details, such as passwords, codes, two-factor authentication (2FA), etc.
Apps like this breach the security of the Google Play Store by gaining access to the user’s device and stealing personal information.
According to reports, these apps display cryptocurrency wallets, QR scanners, and PDF scanners.
These apps minimized the limitations of using accessibility services for blind people to prevent automatic installation of apps without the user’s permission.
To avoid detection by Google Play security protocols and malware checkers, these groups use workarounds.
Normally, these apps can be downloaded from the Google Play Store just like any other app. However, these apps require the users to download updates from a third-party source.
In the event users agree to download these updates, a third-party source will inject malicious programs into the device which will help steal baking information.
Anatsa is an advanced Android banking trojan, as well as the largest malware group on the market.
The advanced system can transfer all the money from the user’s bank account to the malware operator’s account.
Researchers have also identified other notorious malware groups such as Alien, Hydra, and Ermac.
Android users must be aware of these malicious apps as Google Play Store is the home for various harmful apps and games.