Google has a problem: a serious Play Store problem. A dangerous threat that we were told had been banned from the store has apparently just been found there again, and that will rightly alarm millions of users.
It was just a few weeks ago that Android users were warned that 90 dangerous apps with 5.5 million installs had been found on the Play Store. Google assured users at the time that “all identified malicious apps have been removed from Google Play, [and] Google Play Protect also protects users by automatically removing or disabling apps known to contain malware on Android devices with Google Play Services.”
And yet, here we are again: it seems that the defense mechanisms have failed.
The malware in question is Anatsa, which Zscaler warns “exfiltrates sensitive banking data and financial information from global financial applications.” After being installed via a separate dropper app, Anatsa scans the infected device for banking apps it’s coded to attack. It captures credentials via a fake login page overlaid on the real app and intercepts SMS passwords. It then wipes your account.
In May, Zscaler suggested that “recent campaigns conducted by malicious actors deploying the Anatsa banking trojan highlight the risks faced by Android users” who rely on the security of Google’s Play Store.
And now Zscaler has issued a new alert, saying its ThreatLabz “has detected another malicious Android app currently live on the Google Play Store… The app is disguised as a QR reader and file manager, but is actually a malware loader for the Anatsa banking trojan.” It’s an unpleasant case of déjà vu.
I have asked Google for comment on this latest warning.
Anatsa’s use of a seemingly clean app as a dropper has been key to its success. “This strategic approach,” says Zscaler, “enables the malware to be uploaded to the official Google Play store and evade detection.” Previous droppers have included trivial PDF and QR code readers and the like. And this latest alert is yet another QR reader.
That’s why the golden rules for a safer Android experience are still very important:
- Only choose official app stores. Do not use third-party stores and never change your device’s security settings to load an app. Also, make sure that Google Play Protect is enabled on your device.
- Check the developer in the app description: is it someone you would want in your life? And check the reviews: do they look legit or farmed? Avoid random installation of trivial apps that you don’t need.
- Don’t give permissions to an app that shouldn’t need them: flashlight and stargazing apps don’t need access to your contacts and phone. And never give accessibility permissions that facilitate device control unless you need them.
- Never ever click on links in emails or messages that download apps or updates directly. Always use app stores for installations and updates.
- Don’t install apps that link to popular, established apps unless you’re sure they’re legitimate. Check reviews and online listings.