(Credit: MrMikla/Shutterstock.com)
More than 90 different Android apps available on Google Play have been found to contain malware, according to cloud cybersecurity firm Zscaler.
The malicious apps, which collectively garnered over 5.5 million installs, typically pose as PDF or QR code readers. In reality, they contain banking malware that secretly collects your data behind the scenes once you install a malware-laden app update. The payload then displays fake banking login pages on your device, which can be used to swipe your financial credentials and potentially access your bank accounts.
The "PDF Reader & File Manager" Android app from a developer called TSARKA Watchfaces and "QR Reader & File Manager" from a developer dubbed "Risovanul" are two examples of apps Zscaler found to contain the malware. The two apps saw over 70,000 downloads combined, but both have since been removed from the Play Store. These apps still pose a security threat to anyone who already downloaded them, however.
Notably, both apps contain suspicious warning signs that suggest they are not legitimate. For one, neither app has a recognizable or logical developer name. They also don't offer a professional support email connected to a web domain matching the developer's name. Instead, both apps use free Gmail accounts with seemingly random prefixes.
According to Zscaler, most of the other apps on Google Play with malware fall into the "tools" category, with plenty of other malicious apps disguising themselves as "personalization" or photography apps. While Zscaler focused its analysis on Anatsa, it identified several malware families distributed via the Google Play store, including Joker, Adware, Facestealer, and Coper.
"Although they take up the smallest [malware family distribution] share at 2% and 1% (respectively), Antasa and Coper are well-known and highly impactful banking trojan malware families. Last year, we observed multiple instances of Coper banking malware present in the Google Play store," Zscaler says.
Unfortunately, just because an app is on Google Play Store or Apple's App Store doesn't necessarily mean it's safe to download and use. Other types of banking trojan malware recently surfaced in April, like "Brokewell," which allows attackers to gain full access to and remote takeover of victims' devices. Android malware has been an ongoing threat for years, and Anatsa malware previously surfaced earlier this year as well as back in 2022.