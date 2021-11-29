



Researchers said they found a batch of apps that had been downloaded from Google Play more than 300,000 times before it was revealed that the apps were banking Trojans which secretly harvested user passwords and two-factor authentication codes, logged keystrokes, and took screenshots.

The apps, disguised as QR scanners, PDF scanners and cryptocurrency wallets, belonged to four separate Android malware families distributed over four months. They used several tricks to circumvent the restrictions Google has put in place to curb the endless stream of fraudulent apps on its official market. These restrictions include limiting the use of accessibility services, which are intended for visually impaired users, so that an app cannot be installed automatically without the user’s consent.

Small footprints

What makes these Google Play distribution campaigns very difficult to detect from an automation (sandbox) and machine-learning perspective is that the malicious footprint of each dropper app is very small, researchers from mobile security company ThreatFabric wrote in a post. This small footprint is a (direct) consequence of the permission restrictions enforced by Google Play.

Instead, the campaigns typically delivered a harmless app first. After installation, the user received a message instructing them to download an update that installed additional features. In many cases the apps had to fetch that update from a third-party source, but by then many users had come to trust them. Most of the apps initially had zero detections from the malware checkers available on VirusTotal.


The apps also flew under the radar through other mechanisms. In many cases, the malware operators manually pushed the malicious update only after verifying the geographic location of the infected phone, or they delivered the update in stages.


According to the ThreatFabric post, this incredible degree of caution to avoid unnecessary attention makes automated malware detection far less reliable. That observation is confirmed by the very low overall VirusTotal score of the nine droppers examined in the blog post.

The malware family with the most infections is known as Anatsa. This fairly advanced Android banking Trojan offers a variety of capabilities, including remote access and an automatic transfer system. The automatic transfer system empties the victim’s account on its own and sends the money to accounts belonging to the malware operator.

The researchers wrote:

The Anatsa infection process is as follows: after the initial installation from Google Play, the user is required to update the app in order to continue using it. At this point, the Anatsa payload is downloaded from the C2 server and installed on the unsuspecting victim’s device.

The actors behind it took care to make the app look legitimate and useful. The app has a large number of positive reviews. The number of installs and the presence of reviews can convince Android users to install the app. In addition, these apps do have the claimed features and work fine after installation, further convincing the victim of their legitimacy.

Despite the overwhelming number of installations, not all devices with these droppers installed receive Anatsa. This is because the actors have endeavored to target only the regions of interest to them.


The other three malware families discovered by the researchers were Alien, Hydra, and Ermac. One of the droppers used to download and install the malicious payloads was known as Gymdrop. It applied filter rules based on the model of the infected device so that researcher devices would not be targeted.

Advertising new training exercises

If all the conditions are met, the payload will be downloaded and installed, the post states. This dropper also does not require accessibility service permissions. It simply requests permission to install packages, prompting the user to grant it in order to install new workout exercises. Once installed, the payload is launched. Our threat intelligence shows that this dropper is currently being used to distribute the Alien banking Trojan.
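The two dropper traits described above (a payload fetched from outside Play, and an app that only needs permission to install packages) are things a defender can look for on a device. The following is an added example, not code from ThreatFabric or the article: it parses a constructed sample of `adb shell dumpsys package` output (the exact field layout is assumed from that tool's text format) and flags packages that are on the article's list of dropper package names, were not installed by the Play Store, or declare REQUEST_INSTALL_PACKAGES.

```python
import re
PLAY_STORE = "com.android.vending"
# REQUEST_INSTALL_PACKAGES is all a Gymdrop-style dropper needs to install its payload.
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
# Package names copied from the article's list of dropper apps.
KNOWN_DROPPERS = {"com.flowdivison", "com.protectionguard.app",
    "com.ready.qrscanner.mix", "com.multifuction.combine.qr", "com.qr.barqr.scangen",
    "com.gym.trainer.jeux", "com.xaviermuches.docscannerpro2",
    "com.docscanverifier.mobile", "com.doscanner.mobile"}
# Constructed sample of `adb shell dumpsys package` output, not real device data.
SAMPLE_DUMPSYS = """\
Package [com.android.chrome] (1a2b3c):
    installerPackageName=com.android.vending
Package [com.gym.trainer.jeux] (4d5e6f):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.INTERNET
      android.permission.REQUEST_INSTALL_PACKAGES
Package [com.example.sideloaded] (7a8b9c):
    installerPackageName=null
"""

def parse_packages(dump):
    # Map each package to its installer and the permissions it declares.
    pkgs, current = {}, None
    for line in dump.splitlines():
        m = re.match(r"Package \[([\w.]+)\]", line)
        s = line.strip()
        if m:
            current = m.group(1)
            pkgs[current] = {"installer": None, "perms": set()}
        elif current and s.startswith("installerPackageName="):
            pkgs[current]["installer"] = s.split("=", 1)[1]
        elif current and s.startswith("android.permission."):
            pkgs[current]["perms"].add(s.split(":")[0])  # drop ": granted=..." suffix
    return pkgs

def triage(pkgs):
    # Return {package: [reasons]} for packages matching the dropper patterns.
    findings = {}
    for name, info in pkgs.items():
        reasons = []
        if name in KNOWN_DROPPERS:
            reasons.append("package name is on the published dropper list")
        if info["installer"] != PLAY_STORE:
            reasons.append("not installed from Play (installer=%s)" % info["installer"])
        if INSTALL_PERM in info["perms"]:
            reasons.append("declares REQUEST_INSTALL_PACKAGES, so it can sideload a payload")
        if reasons:
            findings[name] = reasons
    return findings
```

On a real device, feed the output of `adb shell dumpsys package` to `parse_packages` and review every package `triage` returns; a Play-installed app that declares REQUEST_INSTALL_PACKAGES deserves a closer look even when its name is not on the list.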

The researchers listed 12 Android apps involved in the scam, with their package names and SHA-256 hashes.



A Google spokesperson asked for comment pointed to this post from April, which details how malicious apps submitted to Play can be detected.

For the past decade, malicious apps have regularly plagued Google Play. As in this case, Google removes malicious apps as soon as it is notified, but it has chronically failed to find the thousands of apps that have slipped into its bazaar and infected thousands or even millions of users.

Spotting these scams is not always easy. Reading user reviews can help, but not always, because scammers often seed their listings with fake reviews. Avoiding obscure apps with a small user base also helps, but in this case it would not have worked. Users should also pause and think before downloading apps or app updates from third-party markets.

The best advice for staying safe from malicious Android apps is to be very sparing about which apps you install at all. Also, if you haven’t used an app for a while, we recommend uninstalling it.

Sources: 1. https://Google.com/ 2. https://arstechnica.com/information-technology/2021/11/google-play-apps-downloaded-300000-times-stole-bank-credentials/
