BEWARE: This Google Play App Downloaded Over 10K Times Contains Info-Stealing Trojan

A Google Play app that has been downloaded over 10,000 times reportedly carries a remote access trojan (RAT).


This trojan, as per Ars Technica, goes by two names: Teabot and Anatsa. According to analysis, it allows any cybercriminals using it to steal user passwords, text messages, and almost any other type of sensitive data that could be exploited for financial gain.

Teabot first popped up in May 2021 as a so-called Android banking trojan. In an article by Cleafy, it was said to be designed to steal victims' credentials and SMS messages, which it achieves using the affected device's live streaming capabilities, requested on demand.

Once hackers take control, they are able to perform an Account Takeover directly from the affected phone, a maneuver also called On-Device Fraud. The trojan was reportedly first distributed via apps called TeaTV, DHL, UPS, and even VLC Media Player.

Many of the Google Play app trojan's initial victims were located in major countries all over the world, including Russia, the United States, and the UK, among others. It was targeting the likes of banks, crypto wallets, and digital insurance.

These institutions seem to have been targeted as early as January and July of last year, when Cleafy identified Teabot as the Android malware targeting banks in Europe. It wasn't detailed how much money the hackers are stealing from the scheme (or whether they even got to steal any), but it's still a major cybersecurity threat nonetheless.

Initially, the app somehow dropped off the radar. But it is back, and is now masquerading as a QR code app called QR Code & Barcode - Scanner, writes Bleeping Computer. So if you're looking for a QR code app, beware of this app's name and avoid it like the plague, more so if you do much of your banking from your Android phone.


Where Did This Google Play Trojan Come From?

As of now, nobody knows. But it is certainly far from the only recent malware that does what it does.

Back in February, another Android malware also posing as legitimate apps was detected. Called the Joker malware, this malware was detected in a total of 14 Android apps, as per Kaspersky analyst Tatyana Shishkova. It also reportedly steals money from its victims right under their noses.

How To Protect Against Android Malware

Fortunately, it is not that hard to protect your phone from any malware posing as Google Play apps. All you need to know is how to spot these fake apps before you unknowingly install them on your phone.

Among the best methods for spotting these fake apps, according to Kaspersky, is to read through the permissions that the app requires. Try to see whether the permissions match the app's purpose (e.g., a camera app that requires access to your contacts is suspicious). You can also check the app's reviews for any sign of irregularity or major problems.
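The permission check described above can be scripted against an app's decoded manifest. This is an added example, not code from Kaspersky or any source the article cites; the category baselines, the high-risk list and the sample manifest are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baselines: what each app category plausibly needs (illustrative only).
EXPECTED = {
    "qr_scanner": {"CAMERA", "INTERNET", "VIBRATE"},
    "camera": {"CAMERA", "RECORD_AUDIO", "WRITE_EXTERNAL_STORAGE"},
}
# Assumed high-risk set: SMS and contacts access, sideloading, screen overlays
# and accessibility control, none of which a scanner or camera app needs.
SENSITIVE = {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CONTACTS",
             "REQUEST_INSTALL_PACKAGES", "SYSTEM_ALERT_WINDOW",
             "BIND_ACCESSIBILITY_SERVICE"}

# Constructed sample manifest (decoded XML); not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def short(name):
    """Strip the package prefix: android.permission.CAMERA -> CAMERA."""
    return name.rsplit(".", 1)[-1]

def declared_permissions(manifest_xml):
    """Collect permissions from <uses-permission> and from service bindings."""
    root = ET.fromstring(manifest_xml)
    perms = {short(e.get(NS + "name", "")) for e in root.iter("uses-permission")}
    # Accessibility services are declared on <service android:permission=...>,
    # so a scan of <uses-permission> alone misses them.
    perms |= {short(s.get(NS + "permission", "")) for s in root.iter("service")}
    perms.discard("")
    return perms

def audit(manifest_xml, category):
    """Split permissions outside the category baseline into two buckets."""
    unexpected = declared_permissions(manifest_xml) - EXPECTED[category]
    return {"high_risk": sorted(unexpected & SENSITIVE),
            "review": sorted(unexpected - SENSITIVE)}

if __name__ == "__main__":
    print(audit(SAMPLE, "qr_scanner"))
```

The manifest inside an APK is stored as binary XML, so decode it first (for example with apktool) before passing it to `audit`.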


Lastly, just be vigilant and only download apps from trusted, verified sources. Avoid downloading from third-party marketplaces as much as you can, and stay away from "free antivirus trials" that claim your phone is already infected with malware and offer to "clean it."

This article is owned by Tech Times

Written by RJ Pierce

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.