Security researchers from ThreatFabric uncovered four different Android banking Trojans distributed via the Google Play Store between August and November 2021. The Trojans reportedly caused over 300,000 infections via different kinds of dropper apps disguised as legitimate smartphone applications.
ThreatFabric analysts identified different droppers in Google Play designed specifically to distribute the banking Trojan Anatsa, which has advanced RAT and semi-ATS capabilities. The Anatsa Trojan can perform classic overlay attacks to steal credentials, as well as accessibility logging and keylogging. The researchers also found multiple malware strains dropped by the Brunhilda threat actor group, derived from Hydra and ERMAC.
These dropper apps have small malicious footprints that make them difficult for traditional security scans and detections to catch. “To make themselves even more difficult to detect, the actors behind these dropper apps only manually activate the installation of the banking trojan on an infected device in case they desire more victims in a specific region of the world. This makes automated detection a much harder strategy to adopt by any organization,” the researchers said.
In a similar discovery, security researchers from Doctor Web uncovered a new Trojan that has infected over 9.3 million Android devices. The Trojan, dubbed “Android.Cynos.7.origin,” is a new kind of malware that disguises itself as various mobile games on Huawei’s AppGallery marketplace. Android.Cynos.7.origin steals information from a victim’s device, such as contact details, and displays unwanted ads. The researchers suspect that the Trojan is a modified version of the Cynos malware.
The post Over 300,000 Users Affected by 4 Android Banking Trojans appeared first on CISO MAG | Cyber Security Magazine.