NewsNation

Over 90 apps that steal bank info in Google Play store: Study

(NEXSTAR) — Have an Android device? It might be time for a wellness check.

Security experts at Zscaler announced recently that they have found more than 90 malicious apps in the Google Play store. All told, the apps have been installed more than 5.5 million times, according to Zscaler ThreatLabz.


“User security is a top priority for Google Play,” according to a Google spokesperson who told Nexstar that all of the identified malicious apps have since been removed.

For Android users who may have unknowingly downloaded the apps, ThreatLabz mentioned one rising danger in particular, the Anatsa malware, also called TeaBot. Anatsa is built to access people’s banking information from hundreds of financial applications around the world.

The analysis found that Anatsa attack campaigns were often hidden inside practical tools such as PDF or QR code readers available in the Google Play store. Once installed, the apps are adept at evading detection while siphoning personal financial information via legitimate-looking updates.

The security team at Zscaler didn’t divulge the full list of 90+ malicious apps, but did release details about two such apps – PDF Reader & File Manager and QR Reader & File Manager – that had over 70,000 installations.

“This campaign impersonated PDF reader and QR code reader applications, as is often the case, to attract a large number of installations,” according to Zscaler. “The high number of installations further aids in deceiving victims into believing that these applications are genuine. At the time of analysis, both applications had already amassed over 70,000 installations.”

Among the most commonly exploited types of apps were tools (39.4%), personalization (20.2%), photography (12.8%), productivity (9.6%) and health & fitness (7.4%).

Bad actors likely target the most popular Google Play categories because it’s easier for their malicious apps to blend in, according to the report’s authors.

When browsing for a new app, experts recommend looking out for low download numbers, unfavorable reviews, higher-than-average data usage and strange app descriptions.

A Google spokesperson told Nexstar that the company recommends using Google Play Protect, which “protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”