Android users are being warned about 29 apps on Google Play that are infected with a powerful banking malware.
The malicious apps were discovered by security researchers at ESET, and were found to be masquerading as legitimate apps such as device boosters, device cleaners, battery managers and even horoscope themed apps.
Researchers said that: “Unlike the increasingly prevalent malicious apps relying purely on impersonating legitimate financial institutions and displaying bogus login screens, these apps belong to the category of sophisticated mobile banking malware with complex functionality and a heavy focus on stealth.”
The malicious apps have been designed to intercept calls, download apps, and redirect text messages to bypass SMS-based two-factor-authentication.
The apps are able to perform these functions by obtaining the HTML code of apps on the device and then inserting fake phishing forms in their place.
Researchers believe the apps are the work of a single attacker or group, and ultimately the main aim of the malware is to impersonate the user’s banking apps, obtain their credentials and steal money.
Image: Banking Trojans found on Google Play (Source: We Live Security)
As soon as ESET notified Google about the malicious apps, they were immediately removed from the Google Play Store, however up to 30,000 users had already installed the apps onto their device.
The full list of infected apps includes:
Researchers said the apps don't use any advanced tricks to continue infecting the device so they can be easily removed by going into settings, then General and clicking on Application Manager/Apps.
Users are also being advised to check their bank accounts for any suspicious activity and to consider changing their internet banking password for extra security.
To reduce your chance of installing a malware infected app, there are a number of guidelines you should follow:
Buying apps from trustworthy sources reduces the chance of your device being hacked or infected with malware. To check the authenticity of a source, look at the full name, list of published apps and contact details in the app description within the Google Play Store.
Permissions are used by apps to access specific data and functions within the device. If an app has a long list of permissions that are unnecessary to the functioning of an app this should raise suspicions about the intent of its use. The fewer permissions an app requests, the more likely it is to be safe.
Take some time to research the developer of the app. Most app stores will include a link to the developer’s web page and this will give you a good idea if they are a reputable source.
Malicious apps will often take advantage of older versions of browsers so it’s vital that the latest software update is installed on your phone.