Trend Micro has identified a campaign that uses four different malware families to steal Android users' passwords and banking credentials. The malicious payloads were hidden in at least 17 apps, and the security company notified Google so the apps could be removed.
The operation includes selling the malware to anyone who wants to carry out attacks, a model known as dropper as a service (DaaS). According to the researchers, the activity has been going on since 2021 and disguises itself as cleaning apps, utilities and games to appear legitimate.
The attacks rely on popular services to go undetected: in addition to the Google Play Store, the payloads are hosted on GitHub and other cloud platforms. One of the malware families is TeaBot, which logs what the user types and can intercept two-step authentication codes.
Another is Octo, which abuses permissions granted by the victim to capture the screen and steal information from browsers. It can also change settings to keep the phone unlocked while data is uploaded to the criminals, or dim the screen so that the user does not notice that something is wrong.
The Hydra and Ermac malware families were also used in the campaign. Both are banking trojans that record data entered by the victim and steal personal information in order to gain access to banking apps and private email and social media accounts.
See below which apps were compromised:
How to protect yourself
To evade the Play Store's defenses, the developers of this malicious software use droppers, which only begin the infection after the app is installed on the victim's phone. Even so, the official store remains the safest source for apps on the platform.
Always avoid downloading unknown apps and pay attention to reviews and ratings. It is also worth doing a quick web search for an app's reputation before installing it. Keep the operating system up to date and run security software on your smartphone.
If you have any of the identified apps on your phone, uninstall them immediately. Check the device and stop using apps that handle sensitive information until you are sure the device is clean again.