Android smartphones are extremely popular. In fact, statistics show that globally, nine in 10 smartphones are running various versions of Android.
However, due to their sheer numbers, Android phones are increasingly targeted with mobile malware and these attacks are mounting fast. Although the Google Play Store is still the safest source of Android apps, rogue apps still manage to slip through the cracks, eluding Google’s screening process.
Take these recently outed apps, for example. They might all look like legitimate apps, but in reality, they are malware designed to steal your cash.
Banking Trojans in disguise
Beware! Almost 30 apps lurking within the Google Play Store have been discovered to be banking Trojan apps in disguise.
Security researchers from ESET spotted the stealthy apps on the official Android app store and they revealed that they were available from August until early October of this year. That’s more than two months they’ve evaded detection — enough time to cause damage.
Image Credit: ESET
The malicious apps were masquerading as various utilities like battery managers, device cleaners, boosters and even as daily horoscope apps. If you’ve downloaded an Android app of this sort recently, please check it against the provided list below.
Method of attack
Typically, Android banking Trojan apps are just classic phishing scams that employ overlay screens and fake login pages.
However, ESET warns that this newly discovered group of apps “belong to the category of sophisticated mobile banking malware with complex functionality and a heavy focus on stealth.”
How come? For one, aside from their ability to impersonate banking apps, these malicious apps can bypass two-factor authentication codes by intercepting and redirecting your text messages and by reading your call logs.
These Trojans can also target any apps installed on your Android phone and even install other malicious apps remotely.
Although they appear to be coming from various developers, ESET’s analysis reveals that these apps share similar code and they’re all controlled by the same command-and-control (C&C) server. This suggests that they all came from a single attacker or cybercriminal syndicate.
Once installed and launched, these Trojans will first display an error saying that they have been removed from your phone due to incompatibility.
Image Credit: ESET
But in reality, they are just concealing themselves from view and they’re still active in the background. The trojan then proceeds to download the actual banking malware on your gadget while remaining hidden.
List of malicious apps
Thankfully, all 29 of these apps have been removed from the Google Play Store and they’re no longer available for download. However, the questionable apps had been installed by almost 30,000 users before they were pulled out.
If you’ve downloaded any of the apps listed below, please uninstall them immediately!
Here’s a list of the malicious apps, courtesy of ESET:
| App name | Package name | Installs |
| Power Manager | com.puredevlab.powermanager | 10+ |
| Astro Plus | com.astro.plus | 0+ |
| Master Cleaner – CPU Booster | bnb.massclean.boost | 5,000+ |
| Master Clean – Power Booster | mc.boostpower.lf | 100+ |
| Super Boost Cleaner | cpu.cleanpti.clo | 500+ |
| Super Fast Cleaner | super.dupclean.com | 500+ |
| Daily Horoscope For All Zodiac Signs | ui.astrohoro.t2018 | 100 + |
| Daily Horoscope Free – Horoscope Compatibility | com.horochart.uk | 500+ |
| Phone Booster – Clean Master | ghl.phoneboost.com | 1,000+ |
| Speed Cleaner – CPU Cooler | speeeed.cool.fh | 100+ |
| Ultra Phone Booster | ult.boostphone.pb | 1,000+ |
| Free Daily Horoscope 2019 | fr.dayy.horos | 50+ |
| Free Daily Horoscope Plus – Astrology Online | com.dailyhoroscope.free | 1,000+ |
| Phone Power Booster | pwr.boost.pro | 1,000+ |
| Ultra Cleaner – Power Boost | ua.cleanpower.boost | 50+ |
| Master Cleaner – CPU Booster | bnm.massclean.boost | 5,000+ |
| Daily Horoscope – Astrological Forecast | gmd.horobest.ty | 1,000+ |
| Speed Cleaner – CPU Cooler | speeeed.cool.gh | 0+ |
| Horoscope 2018 | com.horo2018i.up | 1,000+ |
| Meu Horóscopo | my.horoscop.br | 1,000+ |
| Master Clean – Power Booster | mc.boostpower.cf | 50+ |
| Boost Your Phone | boost.your.phone | 1,000+ |
| Phone Cleaner – Booster, Optimizer | phone.boost.glh | 1,000+ |
| Clean Master Pro Booster 2018 | pro.cleanermaster.iz | 10+ |
| Clean Master – Booster Pro | bl.masterbooster.pro | 5,000+ |
| BoostFX. Android cleaner | fx.acleaner.e2018 | 50+ |
| Daily Horoscope | day.horocom.ww | 1,000+ |
| Daily Horoscope | com.dayhoroscope.en | 1,000+ |
| Personal Horoscope | horo.glue.zodnow | 1,000+ |
Click here to read ESET’s full report.
How to delete malicious apps in Android
Although this campaign is sophisticated, ESET noted that these Trojans do not employ advanced techniques to ensure persistence on an infected Android phone. All it takes to remove these Trojans is to simply uninstall them from your gadget.
To review and remove questionable apps on Android, go to Settings >> then Apps or Application Manager. Look through the list and keep an eye out for anything that’s odd or unfamiliar.
Tap the questionable app you want to get rid of and this will open up the App Info screen. First, remove the app’s data cache by hitting “Clear Cache.” Next, delete the app’s data by tapping “Clear Data.”
Once these steps are done, click on the “Uninstall” button to remove the app.
Sometimes, sneaky app developers hide their fake apps by making their title and icons invisible. If that’s the case, look for blank spaces in your Application Manager and uninstall them as usual.
For stubborn apps that have hijacked your gadget’s administrator permissions, try removing them in Safe Mode. Unfortunately, if that doesn’t work, your only other option is to wipe your data, factory reset your device, and start over.
This is why it is also so critical to have a reliable backup service. All it would take is one nasty fake app or mobile malware and you could lose it all. To back up all your gadgets, including Android, iOS, Mac and PC devices under one account, we recommend our sponsor IDrive. Check out IDrive today and save 50% thanks to Kim!
