
This week, Zscaler, a security research firm, claimed they had detected over 90 fraudulent Android apps on the Play Store. The apps had been installed over 5.5 million times in total, and many were part of the current Anatsa malware operation, which targeted over 650 apps related to financial institutions.
As of February 2024, Anatsa had infected at least 150,000 devices with various decoy apps, many of which were advertised as productivity tools. While the identities of most of the applications involved in this current attack remain unknown, we know about two: PDF Reader & File Manager and QR Reader & File Manager. At the time of Zscaler’s inquiry, the two apps had received over 70,000 installs combined.
How do these malicious apps infect your phone?
Despite Google’s screening process for apps submitted to the Play Store, malware campaigns like Anatsa are cunning and can use a multi-stage payload loading technique to avoid these reviews. In other words, the software appears legitimate at review time and only initiates a stealthy infection after being installed and launched on the user’s smartphone.
You might assume you’re downloading a PDF reader, but once loaded and launched, the “dropper” software will connect to a C2 server to acquire the necessary parameters and strings. It will then download and execute a DEX file containing the malicious code on your device. From there, the Anatsa payload URL is downloaded via a configuration file, and the DEX file installs the malware payload, finishing the process and infecting your phone.
Fortunately, all of the detected apps have been withdrawn from the Play Store, and their makers have been banned. However, if you have downloaded these apps, they will remain on your smartphone. If you have either of these two apps on your phone, you should uninstall them immediately. You should also reset the passcodes for any banking apps on your phone to prevent the threat actors behind Anatsa from accessing your accounts.
How To Avoid Malware Apps
While criminal developers might be cunning with their attacks, there are several guidelines you can use to assess whether an app on the Play Store is authentic. The first step is to pay close attention to the app’s listing. Look at its name, description, and photographs. Is everything consistent with the service that the developers are advertising? Is the copy well-written or plagued with errors? The less professional the page appears, the more probable it is a forgery.
Only download apps from trusted publishers. This is especially critical if you’re downloading a popular programme, as malware apps can spoof well-known apps on phones and other devices. Check the developer behind the programme to ensure they are who they claim to be.
Check the app’s requirements and permissions. Anything that requests accessibility access should normally be avoided, as it is one of the primary methods by which malware groups circumvent the security measures built into many contemporary devices. Other permissions to watch out for include apps requesting access to your contact list and SMS. If a PDF reader requests your contacts, that’s a significant red flag.
Read the app’s reviews as well. Keep an eye out for apps with few ratings, or with reviews that appear suspiciously good.
The app’s support email address can also be informative. Many malware apps will have a random Gmail account (or another free email address) listed as their support contact. While not every programme will include a professional email address for assistance, you can typically tell whether anything is suspicious from the information the group provides.
Unfortunately, there is no certain way to avoid malware apps unless you don’t install any at all. However, if you’re cautious about the apps you’re installing and pay attention to the permissions, developer, and other crucial information, you can usually tell whether an app is suspicious.
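The checks above (permissions, accessibility access, developer contact, review pattern) can be turned into a simple triage script. The following is an added example written for this article, not code from the original page, Zscaler or Google. It parses an AndroidManifest.xml (two constructed samples are embedded: a decoy "PDF reader" with the permissions the article warns about, and a benign one), flags a declared accessibility service and permissions a document reader has no business requesting, checks the support address against a list of free-mail domains, and applies a review heuristic. The permission list, the free-mail domain list and the review thresholds (fewer than 50 ratings with an average of 4.8 or higher) are assumptions chosen for illustration, not figures from the page.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Heuristic list (assumption): permissions that are hard to justify for a PDF/QR reader.
RISKY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.READ_SMS": "reads SMS (can capture one-time codes)",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further packages (dropper behaviour)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draws overlays (used for fake login screens)",
}

# Assumption: free-mail providers a professional publisher would rarely use for support.
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "proton.me"}


def manifest_findings(manifest_xml: str) -> List[str]:
    """Return human-readable red flags found in an AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for node in root.findall("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name in RISKY_PERMISSIONS:
            findings.append(f"requests {name}: {RISKY_PERMISSIONS[name]}")
    # Accessibility access is not a <uses-permission>; it is a <service> protected by
    # BIND_ACCESSIBILITY_SERVICE, so look for that declaration explicitly.
    app = root.find("application")
    if app is not None:
        for svc in app.findall("service"):
            if svc.get(ANDROID_NS + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
                findings.append(f"declares accessibility service {svc.get(ANDROID_NS + 'name')}")
    return findings


def support_email_finding(email: str) -> Optional[str]:
    """Flag a support contact hosted on a free-mail domain."""
    domain = email.rsplit("@", 1)[-1].lower()
    if domain in FREE_MAIL_DOMAINS:
        return f"support contact uses free mail domain {domain}"
    return None


def review_finding(rating_count: int, average: float) -> Optional[str]:
    """Flag the 'few ratings, all perfect' pattern (thresholds are assumptions)."""
    if rating_count < 50 and average >= 4.8:
        return f"only {rating_count} ratings with a {average:.1f} average"
    return None


def triage(manifest_xml: str, support_email: str, rating_count: int, average: float) -> Dict:
    """Combine the checks into a list of findings and a coarse verdict."""
    findings = manifest_findings(manifest_xml)
    for extra in (support_email_finding(support_email), review_finding(rating_count, average)):
        if extra:
            findings.append(extra)
    if len(findings) >= 3:
        verdict = "suspicious: do not install"
    elif findings:
        verdict = "review manually"
    else:
        verdict = "no red flags"
    return {"findings": findings, "verdict": verdict}


# Constructed sample: a decoy "PDF reader" with the permission profile the article describes.
DECOY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="PDF Reader">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: a reader that only asks for what it needs.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Reader"/>
</manifest>"""

if __name__ == "__main__":
    for label, mf, mail, n, avg in (
        ("decoy", DECOY_MANIFEST, "pdfreader.support@gmail.com", 12, 4.9),
        ("benign", BENIGN_MANIFEST, "support@example-reader.com", 4200, 4.3),
    ):
        result = triage(mf, mail, n, avg)
        print(label, result["verdict"])
        for f in result["findings"]:
            print("  -", f)
```

The manifest comes straight out of the APK (`unzip` it and decode the binary XML with a tool such as apktool); the email and rating figures are read off the Play Store listing. The verdict thresholds are deliberately coarse: the point is to surface the red flags the article lists in one place, not to replace a proper analysis.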