Security researchers from Trend Micro have recently reported that “Malicious actors have been surreptitiously adding a growing number of banking trojans to Google Play Store via malicious droppers this year, proving that such a technique is effective in evading detection.” Once installed, these apps give the creator the means to access your bank account and steal your money.
A dropped app is an app that gets published in the play store as a fully trusted app. They pass all of the security checks, and at a glance, they look legitimate. However, as soon as they get published, they immediately connect to their command and control server, where they download a malicious portion (a payload) that turns the app into malware. In this case, the payload attempts to do the following:
* Steal banking passwords.
* Steal banking PINs.
* Intercept text messages sent from your bank to confirm it is you.
Please check for and delete these apps and also change passwords and login information immediately
* Call Recorder APK (com.caduta.aisevsk)
* Rooster VPN (com.vpntool.android web)
* Super Cleaner- hyper & smart (com.j2ca.callrecorder)
* Document Scanner – PDF Creator (com.codeword.docscann)
* Universal Saver Pro (com.virtual apps.universalsaver)
* Eagle photo editor (com.techmediapro.photo editing)
* Call recorder pro+ (com.chestudio.callrecorder)
* Extra Cleaner (com.casualplay.leadbro)
* Crypto Utils (com.utilsmycrypto.mainer)
* FixCleaner (com.cleaner.fixgate)
* Just In: Video Motion (com.Olivia.openpuremind)
* Lucky Cleaner (com.luckyg.cleaner)
* Simple Cleaner (com.scando.qukscanner)
* Unicc QR Scanner (com.qrdscannerratedx)
Note: Some of these apps can hide from view, making it harder to remove them, but do not worry; we have added this malware to the Incognito database so you can scan your phone to see if you have any of them installed.
Please let me know if you need help with this or anything else.
Wishing you a very happy start to August,
Incognito Privacy Care Team.