
Look how hackers are expanding their methods to cause trouble


Malware peddlers have used malware droppers introduced in Google Play to propagate four kinds of Android banking trojans since August 2021. They did so by using a number of tactics to get around the app store’s limits, avoid automatic detection, and convince users that the apps they downloaded were safe and legal.


The malware droppers posed as PDF scanners, QR code scanners, cryptocurrency apps, self-training, authenticator, and security apps, according to researchers from fraud prevention firm ThreatFabric, and were collectively downloaded over 310,000 times.

The silver lining in this circumstance is that not all people who downloaded them were eventually infected with banking trojans: the malware was only delivered manually and only to users in specified regions of interest.

Anatsa, Alien, Hydra, and Ermac are the names of the different banking trojan families distributed through these operations. Each of them is designed to attack a wide range of banking, cryptocurrency, mobile payment, and email apps.


The campaigns usually go something like this:

1. Malware peddlers smuggle droppers into Google Play under the guise of useful apps that genuinely work.

2. These apps send device information to a command and control server once they’ve been installed and run for the first time.

3. Some users may be asked to update the app in order to continue using it.

4. If they agree and ignore warnings that downloading content from a source other than Google Play is risky, the banking trojan is installed on the device and asks for a broader set of permissions, which will allow it to steal credentials by capturing everything displayed on the user’s screen and logging keystrokes.
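The two stages above leave a footprint a defender can look for before any user is prompted: the dropper needs the ability to install a sideloaded package, and the banking payload needs accessibility or overlay access to read the screen and log keystrokes. The following Python triage script is an added example (not code from the article or from ThreatFabric): it parses an `AndroidManifest.xml`, scores the declared permissions against a small risk table, and flags a "QR scanner" that asks for install or accessibility rights. The permission names are real Android identifiers; the weights, threshold and the three constructed sample manifests are assumptions made for this example.

```python
"""Triage Android manifests for the dropper / banking-trojan permission pattern.

Added example for illustration only. Weights and threshold are assumptions of
this example, not a published scoring scheme. Sample manifests are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"

# Real Android permissions that are legitimate in a few app categories but out of
# place in a PDF/QR scanner or "security" utility. Weights are assumed values.
RISK_WEIGHTS = {
    "android.permission.REQUEST_INSTALL_PACKAGES": 3,    # dropper: installs a sideloaded APK
    "android.permission.BIND_ACCESSIBILITY_SERVICE": 4,  # payload: reads screen, logs keystrokes
    "android.permission.SYSTEM_ALERT_WINDOW": 2,         # payload: overlays fake login screens
    "android.permission.READ_SMS": 2,                    # payload: intercepts 2FA codes
    "android.permission.RECEIVE_SMS": 2,
}


def manifest_permissions(manifest_xml: str) -> set:
    """Collect <uses-permission> names plus permissions bound on <service> elements
    (an accessibility service declares BIND_ACCESSIBILITY_SERVICE on its <service>)."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(NAME_ATTR, "") for el in root.iter("uses-permission")}
    for svc in root.iter("service"):
        perm = svc.get(PERM_ATTR)
        if perm:
            names.add(perm)
    names.discard("")
    return names


def risk_score(manifest_xml: str):
    """Return (score, sorted list of risky permissions found)."""
    hits = {p: RISK_WEIGHTS[p] for p in manifest_permissions(manifest_xml) if p in RISK_WEIGHTS}
    return sum(hits.values()), sorted(hits)


def classify(manifest_xml: str, threshold: int = 3):
    """'review' when the risky-permission score reaches the (assumed) threshold, else 'ok'."""
    score, hits = risk_score(manifest_xml)
    verdict = "review" if score >= threshold else "ok"
    return verdict, score, hits


# Constructed sample manifests (not taken from any real app).
BENIGN_QR_SCANNER = f"""<manifest xmlns:android="{ANDROID_NS}" package="example.qr.benign">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

DROPPER_STAGE = f"""<manifest xmlns:android="{ANDROID_NS}" package="example.qr.dropper">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application/>
</manifest>"""

BANKING_PAYLOAD = f"""<manifest xmlns:android="{ANDROID_NS}" package="example.update.payload">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for label, xml in [("benign", BENIGN_QR_SCANNER), ("dropper", DROPPER_STAGE), ("payload", BANKING_PAYLOAD)]:
        print(label, classify(xml))
```

The script is a first-pass filter for an app-vetting or mobile-device-management pipeline: a scanner that declares only `CAMERA` passes, the dropper stage is flagged on `REQUEST_INSTALL_PACKAGES` alone, and the payload scores on the accessibility binding plus overlay and SMS access. Manifest review cannot see the update prompt or the C2 traffic, so it complements, rather than replaces, behavioural monitoring of apps that fetch and install code after first run.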

The criminals behind these operations have devised a number of techniques to prevent the droppers from being detected/blocked by Google Play and antivirus software, as well as the malicious payloads from falling into the hands of security researchers.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
