Four Banking Malware Discovered in Apps on Google PlayStore

Discovered bank thieving malware in QR Code Reader and PDF Reader apps

Android smartphone users are the latest victims of the four banking trojan malware that ignores the Google PlayStore virus rating. It turned out that they downloaded some malicious apps like QR code scanners, cryptocurrency apps and more. Cyber ​​security experts have discovered that these apps have advertising functions to avoid suspicion about their possible danger to Android devices.

According to a report from ZDNet, published on Tuesday, November 30, ThreatFabric analysts have detected four types of malware recently infected on Android devices. Experts wrote that the most notorious of them all is the Anatsa malware, which is a banking trojan that can steal users' credentials and other details such as passwords and email addresses.

This malware uses a keylogger that hackers use to easily record information on the device. Furthermore, this malware is mainly present in certain applications such as PDF readers and QR code readers. At the time of reporting, more than 200.000 users have suffered from this attack.

Read also:
Do you like poker and cryptocurrencies? Meet Polker
34 best games to win cryptocurrencies
Cryptokitties, meet kittens that are worth money
Axie Infinity Beginners Guide
Games similar to Axie Infinity

Four banking malware discovered on the playstore
Four banking malware discovered on PlayStore

Four malware could be stealing your data

Another malware detected by ThreatFabric was the Android Trojan called Alien. This can bypass two-factor authentication systems. It was mentioned in the report that there were already 95.000 downloads on the Google Play Store infected with this malware. If you happen to stumble across a fitness app on the platform, you might want to scan it a second time with your antivirus. Alien malware takes full control of these applications using a deceptive website that mimics a real website.

-- Advertising --

In recent months, Hydra and Ermac, the other two malware Banking Trojans, registered at least 15.000 installations. ThreatFabric found that the two malicious software are connected to the group of banking malware developers called Brunhilda.

The team found that these apps are currently undergoing a complete overhaul or were just removed immediately after inspection. Still, cybercriminals could be preparing another series of attacks against mobile users, so always make sure the apps you're downloading are safe and virus-free.

In an interview with ZDNet, the mobile malware expert at ThreatFabric, Dario Durando, said he is seeing the evolution of banking malware for Android. Additionally, this can lead hackers to migrate to mobile platforms to infect unsuspecting Android users. The tricky part here is that you can't easily identify whether the app is malicious in the first place, according to researchers.

“A good rule of thumb is to always check for updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload after installing 'update' – and to be careful with applications that prompt you to install additional software , “During said.

Protect your security and your bank details

-- Advertising --

What apps to avoid on the Google Play Store

Experts have warned Android users that the following apps can be infected and steal their sensitive information, such as bank accounts, and even spy on their screenshots. They can also gain access to two-factor authentication codes and keystrokes. All of this is possible with the Automatic Transfer System tool (ATSs).

For example, users who have downloaded a QR code reader may receive phishing links or even receive suspicious advertisements. Cybersecurity analysts say these applications should be avoided at all costs. O Hackers News listed apps from the Google Play Store that you should not click, download or install.

  • PDF Document Scanner - Scan to PDF (com.xaviermuches.docscannerpro2)
  • PDF Document Scanner Free (
  • CryptoTracker (
  • Gym and Fitness Trainer (com.gym.trainer.jeux)
  • Two Factor Authenticator (com.flowdivision)
  • Protection Guard (
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multifuction.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)

Now, if you use any of these it's best to uninstall them immediately and go to your bank to check information about suspicious moves and change your passwords (preferably on another device). Leave it there in the comments if you use or used any of these apps and leave tips of apps that should be avoided or that are reliable and take the opportunity to read more News on our website.

Source: Lucifer's School

-- Advertising --
Avatar of paulo factory

Paulo Fabris is a journalist, writer, RPG player, gamer, cosplayer, nerd and fan of anime since the time of TV Manchete.