A batch of seemingly harmless apps in the Google Play store that were actually malware in disguise and were used to steal people’s bank account logins have been removed from Play, Google confirmed. The researchers who discovered the bogus programs said they’d been downloaded by Android users around the world more than 300,000 times.
Mobile security researchers found malware designed to steal people’s online banking passwords and two-factor authentication codes. They said the malware also logged keystrokes and even took screenshots through people’s phones.
Though the tainted apps used a few different methods of deception, the researchers said many of the apps bypassed Google’s new security restrictions by first offering people a seemingly legitimate app that initially tested negative for malware. The apps even functioned just as advertised when users first downloaded them.
Once the apps were installed, though, they prompted people to update them. That’s when the malware was installed in the form of a Trojan horse, a type of malware characterized by its initially harmless appearance.
- Two Factor Authenticator
- Protection Guard
- QR CreatorScanner
- Master Scanner Live
- QR Scanner 2021
- QR Scanner
- PDF Document Scanner – Scan to PDF
- PDF Document Scanner
- PDF Document Scanner Free
- Gym and Fitness Trainer