- Meta ads and an SMS campaign drive traffic to hundreds of fake Play Store pages
- There, victims download fake applications that carry the PlayPraetor malware
- The malware can record keystrokes, capture login credentials and monitor the clipboard
More than 11,000 Android devices have recently been infected with a new variant of the PlayPraetor remote access trojan (RAT).
That is according to cybersecurity researchers at Cleafy, who said that an ongoing, aggressive campaign is distributing the malware to as many devices as possible. So far, the RAT is causing more than 2,000 new infections each week, mainly targeting devices in Portugal, Spain, France, Morocco, Peru and Hong Kong.
PlayPraetor is apparently Chinese malware, reports The Hacker News. Citing previous research, the publication claims that there are “thousands” of fake Google Play Store download pages, advertised through Meta Ads and SMS messages, in order to reach as wide an audience as possible. So far, researchers have identified five distinct variants of PlayPraetor, among them one called Phantom and another called Phish.
Hundreds of impersonated applications
Those who end up installing the malware can expect to lose their banking credentials and to have their clipboard monitored and their keystrokes and taps recorded. Currently, PlayPraetor can impersonate more than 200 banking applications and cryptocurrency wallets, because it presents an overlay that steals login credentials.
In addition to impersonating real applications, the malware is also distributed via fake progressive web applications (PWAs), as well as WebView applications. The latter was observed in the Phish variant, while Phantom, for example, exploits accessibility services to obtain persistent access.
This variant also gives attackers the ability to carry out on-device fraud and is apparently operated by two affiliates that control almost two thirds of the botnet (around 4,500 endpoints).
To defend yourself against such attacks, the best course of action is to be careful when downloading applications, and to stick to those listed on official stores such as the Play Store. Even there, users should only opt for applications developed by well-established brands, which have thousands of downloads and positive reviews.
Via The Hacker News