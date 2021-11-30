



Remember to pay attention to what you install. A new batch of Android apps has been downloaded over 300,000 times, stealing bank account credentials and draining the victims' accounts.

As reported by Ars Technica, a group of researchers at ThreatFabric has discovered a set of applications that steal bank account credentials and then drain funds from those accounts.

“What makes these Google Play distribution campaigns very difficult to detect from an automation (sandbox) and machine learning perspective is that all the malicious footprints of the dropper app are very small,” researchers at mobile security firm ThreatFabric wrote in a blog post. “This small footprint is a (direct) result of the permission restrictions enforced by Google Play.”

In other words, the app is benign at first launch: a QR scanner, a PDF scanner, a cryptocurrency wallet, and so on. Once installed, the app asks the user to download an update from a third-party source. Because that update is sideloaded onto the device rather than delivered through Google Play, it never passes through Google Play's protections.

Working this way also means that the app is completely harmless when first downloaded from Google Play and will not be flagged by a virus scanner at installation time. The malicious behavior does not appear until the app has won the user's trust and convinced them to download the third-party update.

“This incredible attention to avoiding unnecessary attention reduces the reliability of automated malware detection,” said the ThreatFabric post. “This consideration is confirmed by the very low overall VirusTotal score of the nine droppers examined in this blog post.”

One malware family in particular, called Anatsa, is a banking Trojan that targets Android. It features remote access and an automatic money transfer system that lets the operators empty a victim's bank account once they have gained access. It can also steal passwords and two-factor verification codes, record keystrokes, and take screenshots.

So what can you do to avoid apps that bypass Google’s defenses? Do not sideload updates for apps you downloaded from Google Play. If an app needs regular updates, Google Play has its own update process, so there is no legitimate reason for an update to be sideloaded. The only reason a developer would need to sideload an update is that, for some reason, they are trying to circumvent Google’s protections.

In addition, where possible, download apps only from reputable developers. You can also reduce your exposure by deleting apps that you no longer use.

