Google made many efforts to make the Play Store away from malicious apps, but some apps were able to fool the anti-malware protections and infect users with malware.
Security researchers from different security companies have discovered two new malware campaigns targeting users of Google Play Store, one of them is spreading a new variant of BankBot, which is a popular family of banking Trojan that mimics actual banking apps in attempts to steal users’ login details.
The researchers said that they first found the flashlight applications on 13 October, and discovered the infected games and cleaner apps in late October and early November. They also said that Some versions remained on Google Play until as late as 17 November and had been installed by thousands of users.
According to researchers:
The new version of BankBot has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them, in a first campaign. In a second campaign, the solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot, called Mazar and Red Alert.
Once the BankBot installed with the required privileges, the app shows an overlay on the top of the original apps whenever users launch one of the applications from the malware’s list and steal whatever banking information the user’s types on it.
Users are recommended to install apps only from trusted sources because BankBot’s payload was downloaded from an external source.