- Zscaler ThreatLabz found 77 malicious applications in the Play Store
- They have been downloaded more than 19 million times, carrying different malware
- The most widespread variant was Joker
Security researchers discovered 77 applications on the Google Play Store delivering all kinds of malware to users.
Cumulatively, the applications have been downloaded 19 million times, according to Zscaler ThreatLabz, which discovered the large campaign while investigating a popular Android banking trojan called Anatsa (or TeaBot).
In the investigation, the researchers determined that the majority of the applications – 25% – were used to deploy Joker, a piece of malware that can send SMS messages, take screenshots, make phone calls, exfiltrate contact lists, subscribe users to premium services, and more.
How to stay safe
In addition to Joker, the researchers also spotted a variant called Harly, various adware, and Anatsa, a dangerous banking trojan that can now steal login credentials and other sensitive information from more than 800 banking and crypto applications. Anatsa also seems to have widened its scope, now also targeting victims in Germany and South Korea.
Most of the malicious applications have been described as “masks” – on the surface, they operate as expected, but in the background, they can steal login credentials, sensitive data, and more.
Generally, security researchers advise everyone to download applications only from reputable sources.
However, since the Google Play Store is one of these reputable sources, it is obvious that this advice is not enough to stay safe.
Users must also ensure that Play Protect, the integrated Android safety system that scans Play Store applications and the device for malware, harmful behavior or suspicious activity, is enabled.
In addition, users should review each application before downloading it, looking at the overall rating, the number of downloads and the reviews. A look through the reviews should be sufficient to determine whether an application is a potential problem or not.
Finally, users must pay attention to the permissions that freshly installed applications request. Most of the time, malicious applications will request accessibility permissions, which can serve as a reliable red flag.
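One way to check a device for the accessibility red flag described above is to list the enabled accessibility services that belong to user-installed apps. The script below is an added example, not code from the researchers or the article; the package names and sample data are constructed, and live use assumes `adb` with USB debugging enabled.

```python
"""Flag enabled accessibility services that belong to user-installed apps."""
import subprocess

# Constructed sample data (not from the article); package names are made up.
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.docreader/.SyncHelperService"
)
SAMPLE_THIRD_PARTY = "package:com.example.docreader\npackage:com.example.notes\n"

def parse_enabled_services(value):
    """Split the colon-separated 'package/class' list into (package, class) pairs."""
    value = value.strip()
    if value in ("", "null"):  # 'null' is printed when the setting is unset
        return []
    pairs = []
    for component in value.split(":"):
        package, _, cls = component.partition("/")
        if package:
            pairs.append((package, cls))
    return pairs

def parse_packages(listing):
    """Turn 'package:<name>' lines from 'pm list packages' into a set of names."""
    return {line.split(":", 1)[1].strip()
            for line in listing.splitlines() if line.startswith("package:")}

def suspicious_services(enabled, third_party, allowlist=frozenset()):
    """Enabled accessibility services owned by user-installed, non-allowlisted apps."""
    user_apps = parse_packages(third_party)
    return [(pkg, cls) for pkg, cls in parse_enabled_services(enabled)
            if pkg in user_apps and pkg not in allowlist]

def adb(*args):
    """Run an adb shell command on the connected device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    # Live use: '-3' limits the package listing to user-installed apps.
    hits = suspicious_services(
        adb("settings", "get", "secure", "enabled_accessibility_services"),
        adb("pm", "list", "packages", "-3"))
    for pkg, cls in hits:
        print(f"review: {pkg} has accessibility service {cls} enabled")
```

A hit is a prompt to review the app, not proof of malware: password managers and assistive tools legitimately use accessibility services and can be passed in `allowlist`.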
Via BleepingComputer