Seventy-seven malicious Android apps with more than 19 million installs were delivering multiple malware families to Google Play users.
This malware infiltration was discovered by Zscaler's ThreatLabz team while investigating a new infection wave of the Anatsa (TeaBot) banking trojan targeting Android devices.
While most of the malicious apps (over 66%) included adware components, the most common Android malware was Joker, which researchers encountered in almost 25% of the analyzed apps.
Once Joker malware is installed on a device, it can read and send text messages, take screenshots, make phone calls, steal contact lists, access device information, and subscribe users to premium services.
A smaller percentage of the apps included maskware, a term used to define a malicious app that disguises itself as something that would not raise any suspicion.
This type of malware may pose as a legitimate app that works as advertised. However, it performs malicious activity in the background, such as stealing credentials, banking info, or other sensitive data (location, SMS). Cybercriminals can also use maskware to deliver other malware.
Zscaler researchers also found a variant of the Joker malware called Harly, which comes as a legitimate app that has a malicious payload hidden deeper in the code to avoid detection during the review process.
In a report in March, Human Security researchers said that Harly can hide in popular apps, like games, wallpapers, flashlights, and photo editors.
Anatsa trojan keeps evolving