Dangerous banking Trojans disguised as phone boosters, battery manager apps fool thousands

As smartphones get cheaper and better, more and more people are buying them, especially Android phones, since competition among OEMs is fiercer on the open-source platform than on Apple’s iOS. But the convenience doesn’t come without risks, and it looks like Android users are at a higher risk of getting duped by dangerous Trojans disguised as useful apps like phone boosters, battery managers and horoscopes.

There are more than two billion active devices running Android OS, and there are apps for everything from social networking to food services. Android offers millions of apps for free, which is the strongest appeal for anyone looking for apps to make life easier. But overlooking some basic things can cost a lot, as was the case for thousands of Android users who fell for malicious apps carrying banking malware.

Thanks to the careful eyes at ESET, Google Play Store is now safer than before: nearly 30 malicious apps disguised as phone cleaners, battery managers and horoscope apps were removed after being reported to Google. But in the time these apps remained in the Play Store, they had already been installed by almost 30,000 users.

These malicious apps are stealthy Trojans that can be controlled remotely after gaining complete access to the victim’s phone. The apps can intercept call logs, download apps and, worse, bypass two-factor verification by redirecting SMS. The apps appeared to belong to a single attacker or group even though they were published under different developer names, ESET noted in its post.


In addition to gaining such intrusive access to the compromised device, the malware has the ability to impersonate any app on the phone. This is done by obtaining the HTML code of the apps on the phone and then overlaying fake forms on top of legitimate apps. End users have little reason to suspect a thing.

Below is the list of 29 apps that ESET found to be malicious in nature and have since been removed:

1. Power Manager
2. Astro Plus
3. Master Cleaner – CPU Booster
4. Master Clean – Power Booster
5. Super Boost Cleaner
6. Super Fast Cleaner
7. Daily Horoscope For All Zodiac Signs
8. Daily Horoscope Free – Horoscope Compatibility
9. Phone Booster – Clean Master
10. Speed Cleaner – CPU Cooler
11. Ultra Phone Booster
12. Free Daily Horoscope 2019
13. Free Daily Horoscope Plus – Astrology Online
14. Phone Power Booster
15. Ultra Cleaner – Power Boost
16. Master Cleaner – CPU Booster
17. Daily Horoscope – Astrological Forecast
18. Speed Cleaner – CPU Cooler
19. Horoscope 2018
20. Meu Horóscopo
21. Master Clean – Power Booster
22. Boost Your Phone
23. Phone Cleaner – Booster, Optimizer
24. Clean Master Pro Booster 2018
25. Clean Master – Booster Pro
26. BoostFX. Android cleaner
27. Daily Horoscope
28. Daily Horoscope
29. Personal Horoscope

Besides this, a separate report pointed out another Trojan app similar in nature to those on the list above. Disguised as a currency converter app under the name “Easy Rates Converter,” the app downloads a Trojan in the form of “Update Flash Player” in the background.

Once it has gotten past the security of the Android system by gaining permissions granted by the user, the app waits until a banking app is launched on the phone. Then it overlays a fake app screen that looks pretty convincing and sends the banking credentials to the phishers’ servers.

The app’s malicious activity was reported by Lukas Stefanko along with a video demonstrating the malware in action.

How to stay safe?

While it’s easy to fall victim to such stealthy malicious apps, paying attention to the details can go a long way. The best practices are:

  • To download apps from the Play Store
  • To check an app’s reviews, ratings and downloads
  • To review permissions before installing apps
  • To have a reliable mobile security solution
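
One way to carry out the permission review above for a utility app, as an added example that is not part of the original article or of ESET's report: it reads the text produced by `aapt dump permissions <apk>` and flags capabilities matching the behaviours described earlier. The mapping from behaviour to permission, the verdict thresholds and the sample dumps are assumptions made for illustration.

```python
import re

# Assumption: Android permissions that would enable the behaviours the article
# describes. The article does not list what the removed apps actually requested.
CAPABILITIES = {
    "sms_redirection": {"android.permission.RECEIVE_SMS",
                        "android.permission.READ_SMS",
                        "android.permission.SEND_SMS"},
    "call_log_access": {"android.permission.READ_CALL_LOG"},
    "screen_overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "app_installation": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

# Accept both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)")
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)")

def parse_dump(text):
    """Return (package, set of permissions) from an aapt permission dump."""
    package, perms = None, set()
    for line in text.splitlines():
        line = line.strip()
        if m := PKG_RE.match(line):
            package = m.group(1)
        elif m := PERM_RE.match(line):
            perms.add(m.group(1))
    return package, perms

def audit(text):
    """Flag capabilities a cleaner, booster or horoscope app should not need."""
    package, perms = parse_dump(text)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITIES.items() if perms & wanted}
    # Overlay plus SMS access covers both a fake login form and one-time codes.
    risky = {"screen_overlay", "sms_redirection"} <= set(hits)
    verdict = "high" if risky else "review" if hits else "ok"
    return {"package": package, "capabilities": hits, "verdict": verdict}

# Constructed sample dumps (hypothetical packages, not taken from any real app).
SAMPLE_BOOSTER = "package: com.example.phonebooster\n" + "".join(
    f"uses-permission: name='android.permission.{p}'\n" for p in
    ("INTERNET", "RECEIVE_SMS", "READ_CALL_LOG", "SYSTEM_ALERT_WINDOW",
     "REQUEST_INSTALL_PACKAGES"))
SAMPLE_HOROSCOPE = "package: com.example.horoscope\nuses-permission: android.permission.INTERNET\n"

if __name__ == "__main__":
    for sample in (SAMPLE_BOOSTER, SAMPLE_HOROSCOPE):
        print(audit(sample))
```

A "review" or "high" verdict is a prompt to look closer, not proof of malice; an "ok" verdict does not clear an app that fetches a second payload after installation, as the currency converter described above did.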
