- Zscaler ThreatLabs found 77 malicious apps in the Play Store
- They were downloaded more than 19 million times, carrying different malware
- The most prevalent variant was Joker
Security researchers have discovered 77 apps on the Google Play Store delivering all sorts of malware to users.
Cumulatively, the apps were downloaded 19 million times, according to Zscaler ThreatLabs, which uncovered the large campaign after investigating an infection by a popular Android baking trojan called Anatsa (or Tea Bot).
In the investigation, the researchers determined the majority of the apps – 25% – were used to deploy Joker, a piece of malware that can send texts, grab screenshots, make phone calls, exfiltrate contacts list, subscribe users to premium services, and more.
How to stay safe
Besides Joker, the researchers also spotted a variant called Harly, different adware code, and Anatsa, a dangerous banking trojan that can now steal login credentials and other sensitive information from more than 800 banking and crypto apps. Anatsa also seems to have increased its scope, now also targeting victims in Germany and South Korea.
Most of the malicious apps were described as “maskware” – on the surface they work as intended, but in the background, they can steal login credentials, sensitive data, and more.
Generally, security researchers would advise everyone to only download apps from reputable sources.
However, with the Google Play Store being one of those reputable sources, it is obvious that this advice is not enough to stay safe.
Users should also make sure Play Protect, Android’s built-in security system that scans apps from the Play Store and the device for malware, harmful behavior, or suspicious activity.
Furthermore, users should review each app before downloading, looking at the overall score, the number of downloads, and reviews. Glancing through the reviews should be enough to determine if an app is a potential problem, or not.
Finally, users should mind the permissions freshly installed apps ask for. Most of the time, malicious apps will require Accessibility permissions, and that can serve as a reliable red flag.
Via BleepingComputer
