Scam of the Week – Warning over Android Apps Infected with Dangerous Banking Malware

November 8, 2018 10:03 am Geraldine Strawbridge

Android users are being warned about 29 apps on Google Play that are infected with a powerful banking malware.

The malicious apps were discovered by security researchers at ESET, and were found to be masquerading as legitimate apps such as device boosters, device cleaners, battery managers and even horoscope-themed apps.

Researchers said that: “Unlike the increasingly prevalent malicious apps relying purely on impersonating legitimate financial institutions and displaying bogus login screens, these apps belong to the category of sophisticated mobile banking malware with complex functionality and a heavy focus on stealth.”

The malicious apps have been designed to intercept calls, download apps, and redirect text messages to bypass SMS-based two-factor-authentication.

The apps are able to perform these functions by obtaining the HTML code of apps on the device and then inserting fake phishing forms in their place.

Researchers believe the apps are the work of a single attacker or group, and ultimately the main aim of the malware is to impersonate the user’s banking apps, obtain their credentials and steal money.

Image: Banking Trojans found on Google Play (Source: We Live Security)

As soon as ESET notified Google about the malicious apps, they were immediately removed from the Google Play Store. However, up to 30,000 users had already installed the apps on their devices.

The full list of infected apps includes:

  1. Power Manager
  2. Astro Plus
  3. Master Cleaner – CPU Booster
  4. Master Clean – Power Booster
  5. Super Boost Cleaner
  6. Super-Fast Cleaner
  7. Daily Horoscope for All Zodiac Signs
  8. Daily Horoscope Free – Horoscope Compatibility
  9. Phone Booster – Clean Master
  10. Speed Cleaner – CPU Cooler
  11. Ultra-Phone Booster
  12. Free Daily Horoscope 2019
  13. Free Daily Horoscope Plus – Astrology Online
  14. Phone Power Booster
  15. Ultra-Cleaner – Power Boost
  16. Master Cleaner – CPU Booster
  17. Daily Horoscope – Astrological Forecast
  18. Speed Cleaner – CPU Cooler
  19. Horoscope 2018
  20. Meu Horóscopo
  21. Master Clean – Power Booster
  22. Boost Your Phone
  23. Phone Cleaner – Booster, Optimizer
  24. Clean Master Pro Booster 2018
  25. Clean Master – Booster Pro
  26. BoostFX. Android cleaner
  27. Daily Horoscope
  28. Daily Horoscope
  29. Personal Horoscope

Researchers said the apps don’t use any advanced tricks to continue infecting the device, so they can be easily removed by going into Settings, then General, and clicking on Application Manager/Apps.

Users are also being advised to check their bank accounts for any suspicious activity and to consider changing their internet banking password for extra security.

To reduce your chance of installing a malware-infected app, there are a number of guidelines you should follow:

  • Only buy apps from trusted sources

Buying apps from trustworthy sources reduces the chance of your device being hacked or infected with malware. To check the authenticity of a source, look at the full name, list of published apps and contact details in the app description within the Google Play Store.

  • Check permissions

Permissions are used by apps to access specific data and functions within the device. If an app has a long list of permissions that are unnecessary to the functioning of the app, this should raise suspicions about the intent of its use. The fewer permissions an app requests, the more likely it is to be safe.

  • Learn about the developer

Take some time to research the developer of the app. Most app stores will include a link to the developer’s web page, and this will give you a good idea of whether they are a reputable source.

  • Update phone software

Malicious apps will often take advantage of older versions of browsers, so it’s vital that the latest software update is installed on your phone.
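
The "Check permissions" guideline can be applied to every app on a device at once. The following is an added example, not code from this article or from ESET: it parses a constructed sample modelled on `adb shell dumpsys package` output and flags apps that request permissions tied to the capabilities described above (SMS access, call handling, app installation, overlays). The permission groupings, package names and allowlist are assumptions.

```python
import re
# Assumption: groups chosen to match the capabilities the article describes.
P = "android.permission."
RISKY = {
    "sms": {P + "RECEIVE_SMS", P + "READ_SMS", P + "SEND_SMS"},
    "calls": {P + "CALL_PHONE", P + "READ_CALL_LOG", P + "ANSWER_PHONE_CALLS"},
    "install": {P + "REQUEST_INSTALL_PACKAGES"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
}
PKG = re.compile(r"\s*Package \[([\w.]+)\]")
PERM = re.compile(r"\s+([\w.]+)(?::.*)?")

# Constructed sample, modelled on `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.horoscope] (1a2b3c):
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.REQUEST_INSTALL_PACKAGES
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.flashlight] (4d5e6f):
    requested permissions:
      android.permission.CAMERA
  Package [com.example.messages] (7a8b9c):
    requested permissions:
      android.permission.RECEIVE_SMS
"""

def parse_requested(dump):
    """Return {package: set of permissions listed under 'requested permissions:'}."""
    apps, pkg, in_block = {}, None, False
    for line in dump.splitlines():
        if m := PKG.match(line):
            pkg, in_block = m.group(1), False
            apps[pkg] = set()
        elif line.strip() == "requested permissions:":
            in_block = pkg is not None
        elif in_block and (m := PERM.fullmatch(line)):
            apps[pkg].add(m.group(1))
        else:
            in_block = False  # any other line ends the permission block
    return apps

def audit(apps, expected=()):
    """Map each non-allowlisted package to the risky capabilities it requests."""
    hits = {p: sorted(c for c, g in RISKY.items() if perms & g)
            for p, perms in apps.items() if p not in expected}
    return {p: h for p, h in hits.items() if h}
```

Pass the packages that legitimately need these permissions, such as the default messaging app, in `expected`; anything else that is reported deserves a closer look before it stays on the device.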
