Bad app warning: These apps with 300K downloads caught stealing banking info

Bad app warning: These apps with 300K downloads caught stealing banking info
© Thomaguery | Dreamstime.com

The Android operating system is very popular, which is why it’s a huge target for cybercriminals. Tap or click here to see how this smart TV remote is really malware.

Due to how the OS is coded, it is easy to create apps and malware that impact millions. Couple that with the prevalence of banking apps in the Android ecosystem, and you have a disaster waiting to happen. Unfortunately, a new group of malicious apps has been discovered.

And this group of malicious apps is especially dangerous as they are hiding banking trojan malware. Read on to find out if you have one of these malicious apps on your device so you can delete it ASAP.

Here’s the backstory

Cybersecurity researchers from Threat Fabric recently revealed how over 300,000 Android users had been exposed to malware. The device infections occurred through four different kinds of malware, hiding in several malicious apps.

In a blog post, Threat Fabric explained that hackers “are focusing on loaders with a reduced malicious footprint in Google Play.” With less malware code inside, it makes it much harder for Google to detect.

It’s a bit of a catch-22 situation, as Google implemented new Google Play restrictions on what personal information apps have permission to. To get around this, criminals must use different tactics on a smaller scale. This causes the malware to blend in with an app’s code, making it harder to detect.

Here are some of the malicious apps:

  • Free QR Code Scanner
  • Master Scanner Live
  • PDF Document Scanner – Scan to PDF
  • CryptoTracker
  • Gym and Fitness Trainer
  • Millenniumbcp
  • Binance – Buy & Sell Bitcoin Securely
  • Bitfinex
  • Banca Digital Liberbank

The malicious apps in question have been designed to steal passwords to cryptocurrency wallets, email services and social media profiles.

What you can do about it

It can be rather difficult to spot a malicious app if you don’t know what to look for. Here are some tips on how to stay safe and to make sure that your data is secure.

  • Only download Android apps from the official Google Play Store. Third-party app stores don’t have the same security protocols as Google and are more likely to host malicious apps.
  • Check the rating and reviews of an app if you aren’t sure about it. Other users will leave a scathing review if the app doesn’t live up to its promises or if it turns out to be malicious.
  • Where possible, activate two-factor authentication (2FA) as an added security measure. That means hackers can’t breach your account or details, even if they have your username and password. Tap or click here to learn more about 2FA.
  • Change your passwords for all your online accounts regularly. It is a good idea to change them to something new every few months.

To check if you have any of the malicious Android apps installed and how to delete them:

  • Open the Settings menu.
  • Tap Apps & Notifications to see a complete list of installed apps.
  • Scroll through the list and tap on an app that you want to remove.
  • In the next menu, tap Uninstall.

You can also long-press on an app on your home screen and tap Uninstall. To see the complete list of malicious apps discovered by Threat Fabric, click here and scroll down to the Appendix section.

Keep reading

Millions of routers from Netgear, Linksys, D-Link and more are at risk of malware attack

Is banking on your phone safe? 6 ways to make sure you’re not part of a scam.

Tags: Android, apps, cryptocurrency wallets, cybercriminals, cybersecurity, email services, Google, Google Play Store, malicious apps, malware, operating systems, passwords, personal information, security, security protocols, two-factor authentication