Google has a problem—a serious Play Store problem. A dangerous threat we were told had been banished from the store has seemingly just been found there again, and that will rightly alarm millions of users.
Just a few weeks ago, Android users were warned that 90 dangerous apps with 5.5 million installs had been found on the Play Store. At the time, Google assured users that “all of the identified malicious apps have been removed from Google Play, [and] Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”
And yet, here we are again—those defenses seem to have failed.
The malware in question is Anatsa, which Zscaler warns “exfiltrates sensitive banking credentials and financial information from global financial applications.” Once installed by means of a separate dropper app, Anatsa scans the infected device for banking apps it is coded to attack. It then captures login details via a fake login page overlaid on the real app and intercepts SMS passcodes. Then it drains your account.
In May, Zscaler suggested that “the recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users,” users who were trusting the security of Google’s Play Store, it added.
And now Zscaler has just issued a fresh warning that its ThreatLabz “has detected another malicious Android app that is currently live in the Google Play store… The app is disguised as a QR reader and file manager, but is actually a malware loader for the Anatsa banking trojan.” It’s a nasty case of déjà vu.
I have approached Google for any comments on this latest warning.
Anatsa’s use of an apparently clean app as a dropper has been key to its success. “This strategic approach,” Zscaler says, “enables the malware to be uploaded to the official Google Play Store and evade detection.” Past droppers have been trivial PDF and QR code readers and similar. And this latest warning is yet another of those QR readers.
As such, the golden rules for staying safer on Android remain as critical as ever:
- Stick to official app stores—don’t use third-party stores and never change your device’s security settings to enable an app to load; also ensure Google Play Protect is enabled on your device.
- Check the developer in the app’s description—is it someone you’d like inside your life? And check the reviews: do they look legitimate or farmed? Avoid the indiscriminate installation of trivial apps you do not need.
- Do not grant permissions to an app that it should not need: torches and star-gazing apps don’t need access to your contacts and phone. And never grant accessibility permissions that facilitate device control unless you have a need.
- Never ever click links in emails or messages that directly download apps or updates—always use app stores for installs and updates.
- Do not install apps that link to popular, established apps unless you know for a fact they’re legitimate—check reviews and online write-ups.
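
One way to apply the permissions rule above when vetting an app, as an added example that is not from the original article or from Zscaler: a Python check over a decoded AndroidManifest.xml. The permission names are real Android permissions; mapping them to the behaviours the article describes, and the sample manifest, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from behaviours the article describes to Android permissions.
RISKY = {
    "android.permission.RECEIVE_SMS": "can receive SMS passcodes",
    "android.permission.READ_SMS": "can read SMS passcodes",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install a second app",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(manifest_xml):
    """Return a sorted list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name in RISKY:
                findings.append(f"{name}: {RISKY[name]}")
    # A service guarded by this permission is an accessibility service.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY:
            svc_name = svc.get(ANDROID_NS + "name", "?")
            findings.append(
                f"accessibility service {svc_name}: can observe and control the screen")
    return sorted(set(findings))


# Constructed sample: a hypothetical "QR reader" manifest, not from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrreader">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE):
        print("review:", line)
```

A QR reader has a plain reason to ask for the camera; each line this prints is a permission to question before installing.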