ThreatFabric experts have discovered that banking trojans distributed through the Google Play Store have infected more than 300,000 devices. The malware was disguised as QR code readers, PDF scanners, fitness and two-factor authentication apps. Once installed, this application stealthily communicates with the server of threat actors, waiting for commands. At the right time, the server commands the application to perform a fake «update», which will download and run the malware on the device. In the next stage, banking trojans tried to steal user credentials. Since July 2021, malicious applications have been spreading four banking trojans: Alien, Hydra, Ermac, and Anatsa.

Currently, Google experts have already removed all dangerous apps from the Play Store, and advise users to remove them from their devices as soon as possible:

• Two Factor Authenticator
• Protection Guard
• QR CreatorScanner
• Master Scanner Live
• QR Scanner 2021
• QR Scanner
• PDF Document Scanner – Scan to PDF
• PDF Document Scanner
• PDF Document Scanner Free
• CryptoTracker
• Gym and Fitness Trainer

Source: xakep.ru