4 Android banking Trojans infected over 300,000 devices in 2021

Carding Forum

Between August and November 2021, four Android banking Trojans were being distributed through the official Google Play Store at the same time. During this period, the malware managed to infect more than 300 thousand users of mobile devices.
Of course, the authors disguised malicious applications as something harmless, and once on the device, these programs sought to gain complete control over the system.
According to the researchers at ThreatFabric, who were the first to notice the campaign, the discovered droppers downloaded the Anatsa (TeaBot), Alien, ERMAC and Hydra malware to the devices. The attackers tried to act as discreetly as possible, so they disabled the download of the malicious component while the application was being checked by Google. It is also known that the authors of the Trojans infect Android smartphones only in certain countries.
Once installed on a victim's device, malicious applications could extract passwords and two-factor authentication codes delivered via SMS messages. In addition, the malware could record keystrokes on a virtual keyboard, take screenshots, and even empty users' bank accounts (for this, the criminals used the Automatic Transfer System tool).

The list of identified Android Trojans looks like this:
  • Two Factor Authenticator (com.flowdivison)
  • Protection Guard (com.protectionguard.app)
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multifuction.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)
  • PDF Document Scanner - Scan to PDF (com.xaviermuches.docscannerpro2)
  • PDF Document Scanner Free (com.doscanner.mobile)
  • CryptoTracker (cryptolistapp.app.com.cryptotracker)
  • Gym and Fitness Trainer (com.gym.trainer.jeux)
“The authors of malicious applications tried to make it as difficult as possible to detect dangerous functionality, so they activated the installation of banking Trojans manually. This approach makes it really difficult to automatically detect the malicious component,” the researchers explain.
Fortunately, at this point, all of the listed apps have been removed from the Google Play Store.
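
Removal from the store does not uninstall an app from devices that already have it. The following added example (not part of the original post or of ThreatFabric's report) checks a device's package inventory against the package IDs listed above. It assumes the inventory was collected with `adb shell pm list packages -i`; the sample output and the name `find_droppers` are constructed for illustration.

```python
import re

# Package IDs copied from the list in this post.
DROPPER_PACKAGES = {
    "com.flowdivison": "Two Factor Authenticator",
    "com.protectionguard.app": "Protection Guard",
    "com.ready.qrscanner.mix": "QR CreatorScanner",
    "com.multifuction.combine.qr": "Master Scanner Live",
    "com.qr.code.generate": "QR Scanner 2021",
    "com.qr.barqr.scangen": "QR Scanner",
    "com.xaviermuches.docscannerpro2": "PDF Document Scanner - Scan to PDF",
    "com.doscanner.mobile": "PDF Document Scanner Free",
    "cryptolistapp.app.com.cryptotracker": "CryptoTracker",
    "com.gym.trainer.jeux": "Gym and Fitness Trainer",
}

# One line of `pm list packages -i`. The optional "<apk path>=" prefix
# only appears when -f was also passed; \S* keeps it from running into
# the "installer=" field that follows the package name.
LINE_RE = re.compile(
    r"^package:(?:\S*=)?(?P<pkg>[A-Za-z0-9_.]+)"
    r"(?:\s+installer=(?P<installer>\S+))?\s*$"
)

def find_droppers(pm_output):
    """Return (package, listed app name, installer) for every exact match."""
    hits = []
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or unrelated adb output
        pkg = m.group("pkg")
        if pkg in DROPPER_PACKAGES:  # exact match, so look-alike IDs are skipped
            hits.append((pkg, DROPPER_PACKAGES[pkg], m.group("installer") or "unknown"))
    return hits

# Constructed sample inventory, not taken from a real device.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.qr.code.generate  installer=com.android.vending
package:com.qr.code.generator.pro  installer=com.android.vending
package:com.protectionguard.app  installer=null
package:com.example.notes
"""

if __name__ == "__main__":
    for pkg, name, installer in find_droppers(SAMPLE_PM_OUTPUT):
        print(f"listed dropper present: {name} ({pkg}), installer={installer}")
```

A hit means the device should be treated as potentially compromised: the listed apps are droppers, so the banking Trojan they install may be present under a different package name.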