Cloud cybersecurity firm Zscaler recently discovered that more than 90 Android apps on Google Play contain malware. These apps, downloaded over 5.5 million times, masquerade as harmless PDF or QR code readers but harbor banking malware.
When users install updates for these deceptive apps, they unwittingly activate a malicious payload that gathers their personal data. The malware then displays fake banking login pages to steal financial credentials, potentially giving cybercriminals access to users’ bank accounts. Among the culprits are the “PDF Reader & File Manager” by TSARKA Watchfaces and “QR Reader & File Manager” by Risovanul, which had been downloaded over 70,000 times before their removal from the Play Store.
The warning signs were there: both apps came from obscure developers with random Gmail support emails rather than professional domain-based emails. Unfortunately, the removal of these apps doesn’t eliminate the threat for those who already have them installed.
Zscaler’s analysis reveals that the most common malware-infected app categories are tools, personalization, and photography. Besides Anatsa, other malware families like Joker, Adware, Facestealer, and Coper have also been found on Google Play. Notably, Anatsa and Coper, though less common, are highly impactful banking trojans. The Android malware threat is ongoing: new strains like “Brokewell,” which allows full device takeover, have surfaced recently.
This situation underscores a crucial lesson: presence on official app stores like Google Play or Apple’s App Store does not guarantee an app’s safety. Users should exercise caution, scrutinize app details, and prioritize security to safeguard their personal data.