3
Octo, Hydra, ERMAC… You may never have heard these names, but these little bits of code take advantage of applications installed on Android mobiles to steal the personal information of their owners.
The Play Store is experiencing a new disappointment. While a few weeks ago, security specialists discovered malware installed more than 3 million times, another threat has just been spotted on Google’s mobile platform.
A malicious “dropper”
The company TrendMicro has indeed established that 17 applications, present for weeks on the application store, were in fact serving as a hatch to malware aimed, among other things, at stealing banking information. All of them were removed from the platform following the company’s report, but if you have installed some of these software, it would be useful to get rid of them very quickly. Full list includes Call Recorder, Rooster VPN, Super Cleaner, Document Scanner, Universal Saver Pro, Eagle photo editor, Call recorder pro+, Extra Cleaner, Crypto Utils, FixCleaner, Universal Saver Pro, Lucky Cleaner, Just In: Video Motion, Document Scanner Pro, Conquer Darkness, Simpli Cleaner and Unicc QR Scanner.
The list of apps pinned by TrendMicro © Trend Micro
The malware distributed by these malicious applications is capable of “steal banking information, intercept text messages and hack into infected devices“, specifies TrendMicro. It is not the applications in themselves which steal information, but rather a small software dependency installed discreetly on the telephone thanks to the presence of this virulent software. This practice has been nicknamed “drop“, because it allows malicious code to be “dropped” on a phone by installing a seemingly innocuous app.
A threat to be taken seriously
This drop in particular allowed to install several different malware with names as varied as Octo, Hydra, ERMAC and TeaBot. All have the same goal: to spy on the activity of an Internet user to steal personal information. Octo, for example, is able to record screen activity and keep an active connection to its server, even when the phone is locked. The software is even able to deactivate Play Protect, the service that is supposed to protect Android mobiles against possible infections.
“With more and more banking Trojans being made available […] malicious actors have an easy and profitable way to distribute malware disguised as legitimate applications. We imagine this trend will continue and more banking Trojans will be distributed. […] in the future“, philosopher TrendMicro. The cybersecurity specialist advises to always take a look at the comments that accompany an application and check if the company behind the software seems reliable before downloading its executable. If you have installed one of these apps, check on your bank account and on your social networks if suspicious activities have not taken place.