For four months, twelve Android applications evaded the protections of the Play Store. They made it possible to collect personal data, including banking information, and were very difficult to detect. Google has removed them.
There are twelve of them, and they were slow to be discovered by cybersecurity researchers of . That is a lot of infected applications from the Play Store for Android. They got past the security systems. Downloaded more than 300,000 times over four months, they contained banking Trojans that came to siphon off the users and d’ .
The strikes at were also noted and the also took the opportunity to take . Applications that appear harmless, such as a QR code scanner, or for , or management of , contained up to four families of . The researchers had great difficulty detecting the malicious payload of these applications, and it is precisely because of this weak signature that they slipped under the radar of Google’s automatic detection systems. Note that the payloads were downloaded only after the application was installed, in the form of updates from sources other than the Play Store.
Updates to install the malware
The creators of this malware are clever: to avoid attracting attention, the malicious code was not installed systematically, and only certain geographical areas were targeted. Likewise, the applications had every appearance of being legitimate and also had positive reviews. They functioned normally and performed the task for which they were designed. The banking Trojan with the most operations goes by the name of Anatsa. The other three are called Alien, and Ermac. All were delivered via a module called Gymdrop. It was by not systematically fetching the payload that the applications avoided attracting the attention of the security systems.
While last week nine million have been contaminated by an application on the AppGallery of , malware detection is still one of the main concerns in and especially at Google. Over the past ten years, many infected applications have found their way into the Play Store. They are removed immediately after being detected, but, as this example shows, despite advanced protection systems, hackers always stay one step ahead of them.