Android users are facing a critical situation following the discovery that numerous apps are spreading dangerous banking malware on devices. Several apps have been affected, with millions of downloads recorded. These apps were all accessible on the Google Play Store, contributing to the widespread infection of smartphones.
The alert was raised by Zscaler’s ThreatLabz team, which identified several malicious apps containing the notorious Anatsa banking malware. This malware, which emerged in 2020, is capable of stealing credentials, logging keystrokes, and facilitating fraudulent transactions.
The method of infection used by Anatsa is particularly insidious. It employs a dropper technique, where threat actors publish a seemingly harmless application on the official Google Play Store. Once installed, the app clandestinely downloads a malicious payload disguised as an update from its command-and-control server, evading detection mechanisms and effectively infecting devices.
In addition to Anatsa, other attacks have been reported. ThreatLabz disclosed that it flagged and reported 77 malicious applications from different malware families to Google. Among these is the concerning Joker malware, which can read and send text messages, capture screenshots covertly, make unauthorized phone calls, and pilfer contact lists. It has even been known to subscribe infected users to premium services without their knowledge.
Zscaler emphasized the importance of scrutinizing app permissions and ensuring they match the app’s intended functionality to safeguard against such threats. Before installing any software, it is crucial to check reviews and research the developer thoroughly.
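The permission check recommended above can be automated. The sketch below is an added example, not code from Zscaler or the article. It reads a decoded AndroidManifest.xml (for instance one produced by apktool) and reports sensitive permissions that the app's stated purpose does not justify. The category baseline, the mapping of permissions to the behaviours listed in the article, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Real Android permissions mapped to behaviours the article lists (mapping is ours).
SENSITIVE = {
    P + "REQUEST_INSTALL_PACKAGES": "install a downloaded APK (dropper 'update')",
    P + "READ_SMS": "read text messages",
    P + "SEND_SMS": "send text messages",
    P + "CALL_PHONE": "place phone calls",
    P + "READ_CONTACTS": "read the contact list",
}
# Hypothetical baseline: sensitive permissions each app category plausibly needs.
EXPECTED = {
    "document_reader": set(),
    "sms_client": {P + "READ_SMS", P + "SEND_SMS", P + "READ_CONTACTS"},
}

def audit_manifest(manifest_xml, category):
    """Return sorted (permission, reason) pairs the category does not justify."""
    root = ET.fromstring(manifest_xml)
    declared = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        declared.update(e.get(ANDROID + "name") for e in root.iter(tag))
    findings = {}
    # An accessibility service can observe typed text; flagged for every category.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE":
            findings[P + "BIND_ACCESSIBILITY_SERVICE"] = "accessibility service (can observe input)"
    # An unknown category gets an empty allowance, so every sensitive permission is reported.
    allowed = EXPECTED.get(category, set())
    for perm in declared - allowed:
        if perm in SENSITIVE:
            findings[perm] = SENSITIVE[perm]
    return sorted(findings.items())

# Constructed sample: decoded manifest of a made-up "PDF reader".
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, why in audit_manifest(SAMPLE, "document_reader"):
        print(f"unexpected: {perm}: {why}")
```

A manifest taken from an untrusted APK is untrusted XML, so a hardened parser such as defusedxml is the safer choice outside a demonstration.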
Enabling Google Play Protect is a recommended precautionary measure, as this service monitors apps and devices for malicious activities. It conducts safety checks on apps from the Google Play Store before download and provides warnings about potentially harmful apps. Moreover, it can deactivate or remove harmful apps from the device, enhancing user security.