The apps in question pose as QR scanners, PDF scanners, and cryptocurrency wallets, as per the report. They belong to four different Android malware families. The apps used limitations for restricting the use of accessibility services for sight-impaired users to prevent automatic installation of apps without user consent.
According to reports, the malware operators use workarounds to make their trojans undetectable by malware checkers and Google Play security protocols. For instance, most campaigns start with a legit app that does not contain any malware. However, once users download the apps and start using them, the apps send them messages directing them to download “updates” from third-party sources.
These “updates” from third-party sources add malicious programs to user devices that help malware operators steal sensitive user data from their Android devices. One of the largest malware families in the market, as per a report, is Anatsa. It is a “rather advanced Android banking trojan” that can automatically transfer all the money from an affected user’s device to the malware operator’s account, which is concerning. Other malware families detected by researchers include Hydra, Alien, and Ermac.
Google did not respond to the report, instead directing the UK’s Wired to a post from earlier this year on how Google Play handles malicious apps on its platform. Although the methods Google uses to protect users from malicious apps are legit, the Play Store has been home to several malicious apps and games over the past few years.
So, if you are an Android user, be sure to get your apps and games from trusted developers on the Play Store. Also, we suggest you avoid downloading apps and games from unknown third-party sources to keep your device free of malware-laden apps.