The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users
Malware authors keep testing the vigilance of Android users by sneaking disguised mobile banking Trojans into the Google Play store. We’ve recently analyzed a set of 29 such stealthy Trojans, found in the official Android store from August until early October 2018, masquerading as device boosters and cleaners, battery managers and even horoscope-themed apps.
Unlike the increasingly prevalent malicious apps relying purely on impersonating legitimate financial institutions and displaying bogus login screens, these apps belong to the category of sophisticated mobile banking malware with complex functionality and a heavy focus on stealth.
These remotely controlled Trojans are capable of dynamically targeting any apps found on the victim’s device with tailor-made phishing forms. Aside from this, they can intercept and redirect text messages to bypass SMS-based two-factor-authentication, intercept call logs, and download and install other apps on the compromised device. These malicious apps were uploaded under mostly different developer names and guises, but code similarities and a shared C&C server suggest the apps are the work of a single attacker or group.