Researchers from cybersecurity firm ThreatFabric detail how password-stealing Android banking trojans have been disguised as QR code readers, fitness monitors, cryptocurrency apps, and more.
Over 300,000 Android smartphone users downloaded what turned out to be banking Trojans after falling victim to malware that bypassed detection by the Google Play app store.
According to ThreatFabric cybersecurity researchers, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors, and cryptocurrency apps.
The apps are also often advertised on Google Play, so users don't get suspicious.
In any case, the malicious intent of the infected app is well hidden, and the malware infiltration process begins only after the app is installed, which allows it to bypass Play Store detection.
The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users; researchers describe it as an "advanced" banking Trojan capable of stealing usernames and passwords.