
Google Removes Malware Apps That Stole Banking Logins On Android


This story originally appeared on ValueWalk

Google (Alphabet Inc Class A, NASDAQ:GOOGL) has removed a group of seemingly harmless apps that were in fact malware used to steal Android users’ banking logins. According to the experts who discovered the scam, the apps were downloaded more than 300,000 times.


Trojan Horse

As reported by CNET, “Mobile security researchers at mobile security company ThreatFabric found malware designed to steal people's online banking passwords and two-factor authentication codes.” The experts said the malware could log keystrokes and take screenshots of users’ phones.

The bogus apps used several fraud methods, and researchers established that many of them could evade Google's new security limits by first presenting users with an apparently authentic app that initially tested negative for malware. The apps even worked as advertised when people first downloaded them.

However, once users installed the apps, an update prompt appeared. Users who accepted the update allowed the malware to be installed as a Trojan horse, “a type of malware characterized by its initially harmless appearance.”

Wired reports that the apps mainly posed as QR scanners, PDF scanners, and cryptocurrency wallets. The apps belonged to different types of malware and were distributed over four months.

Malicious Footprint

According to the specialized portal, “They used several tricks to sidestep restrictions Google has devised in an attempt to rein in the unending distribution of fraudulent apps in its official marketplace.”

“Those limitations include restricting the use of accessibility services for sight-impaired users to prevent the automatic installation of apps without user consent.”

Researchers from ThreatFabric wrote in a post: “What makes these Google Play distribution campaigns very difficult to detect from an automation (sandbox) and machine learning perspective is that dropper apps all have a very small malicious footprint.”

“This small footprint is a (direct) consequence of the permission restrictions enforced by Google Play.”

Google is part of the Entrepreneur Index, which tracks 60 of the largest publicly traded companies managed by their founders or their founders’ families.