Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Laptop
Laptop
Technology
Sean Riley

This sneaky Android trojan is stealing from victims' bank apps — do you have it on your phone?

Android banking trojan

Despite the many safeguards in the Google Play Store, it is once again playing host to a dangerous Android trojan posing as legitimate productivity apps to escape detection — once installed the hackers deploy their malware. This time the threat was identified by security researchers at ThreatFabric, who revealed the latest incarnation can take over nearly 600 different banking apps to siphon off money from victims.

That's one of the most dangerous aspects of this particular trojan — it isn't just stealing your login credentials — it is taking over the banking apps on your Android phone so the transactions appear to be coming from you (via Bleeping Computer).

The targeted apps include numerous major banks and stock trading apps like TD Bank, J.P. Morgan, Capital One, E-Trade, Schwab Mobile, and hundreds more, so the threat is substantial.

Delete these five apps now!

Per Bleeping Computer, Google reached out to confirm that it has removed the following apps from Google Play and the developers have been banned, but it is worth confirming that you didn't have any of these apps installed on your phone prior to their removal.

Not the most exciting list of apps, but the hackers are counting on a PDF reader being something that a user may need to quickly download to read a document without vetting the app carefully.

Once installed on the Android phone the dropper apps then download the actual Anatsa malware which begins stealing your credit card details, bank account information, and payment information through a combination of phishing pages and keylogging.

That information is in turn used to gain access to any of the almost 600 financial apps detected on the user's device. The security researchers at ThreatFabric indicated that "Since transactions are initiated from the same device that targeted bank customers regularly use, it has been reported that it is very challenging for banking anti-fraud systems to detect it." 

The stolen money is converted into cryptocurrency and distributed through a network of accounts that keep a smaller portion before sending the rest on to the hackers.

(Image credit: ThreatFabric)

How to avoid becoming a victim of a banking trojan

We still stress that downloading your apps from Google Play is far safer than any other source, but as the apps in question came from Google Play, here's what to look for even when downloading from Android's official app store.

Make sure you are downloading apps from known publishers that have substantial downloads and positive reviews. The truth is that apps like this do not typically last long in the Google Play Store and once they are caught, Google removes them and bans the developer as seen in this case. Will they pop up again? Of course, but it means that they don't have the time to build up a substantial track record so even if they pay for fake reviews they won't have years of positive reviews.

It's also important to note that Google Play Protect, which is on any device with Google Play Services, doesn't just try to detect malware when you install an app, but runs periodic scans of your apps to ensure that none of them have become infected with malware. If it detects a threat it can either disable or remove the app automatically from your device.

Combine this advice with one of the best antivirus apps and you should be able to keep your device safe from almost any malware threat.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.