Over the past few months, more than 5.5 million installations of infected apps on smartphones have been recorded. What are the consequences of this huge wave of infection? Data theft and hacked bank accounts. Even more frightening is the fact these applications can be found in the official Google Play Store.
With smartphones and apps playing a very important role in our everyday lives, they’ve become indispensable. Android users simply need to launch the Google Play Store, type a few keywords, and click “Install”. The relevant app will then be installed. However, millions of users who are rather lax in security measures have fallen to the scourge of banking trojans, which is one of the drawbacks of not knowing about Android scams.
Researchers discover 90 infected apps
Security researchers from Zscaler ThreatLabz have discovered over 90 applications in the Google Play Store in recent months that are security threats, having seen over 5.5 million installations to date. In other words, there are 5.5 million infected smartphones with the well-known banking trojan Anatsa (also known as Teabot) running.
The original installation package downloaded from the Play Store does not contain any malware. The researchers claim the trojan is subtly inserted via an update. This allows the malware to bypass Google’s protective mechanisms to end up in the Play Store. The tool then searches for installed banking apps, and upon identifying them, it downloads a fake login page for that bank. The scammers hope this will deceive users to extract their personal banking information.
How do you recognize infected apps?
The first signs of malware can be detected in the Google Play Store. It is recommended to pay attention to both the number of downloads and ratings. Other users often warn that the app may not function properly, has unusually high data usage, or requests too many unexpected permissions. These are all telltale signs of infected applications.
Furthermore, security researchers caution that cybercriminals often disguise infected apps as flashlights, PDF readers, or QR code scanners. This requires extra attention when checking out these tools. If you suspect your smartphone is infected with a banking trojan, we highly recommend you delete the application immediately and change your electronic banking password.
However, the German Federal Office for Information Security emphasized that in select cases, Anatsa can only be eliminated by resetting the smartphone to its factory settings. If that doesn’t work either, using Android’s safe mode might help.
Have you performed a security risk assessment on your smartphone so far? What other steps have you taken to ensure your electronic banking experience is a safe one?
