Cybersecurity researchers have monitored a surge of trojanized apps on the Google Play Store. The majority of them were utilized by threat actors in several scams that resulted in financial losses and credential-stealing attacks.
A report revealed that malicious operators promote trojan-infected apps as cryptocurrency management apps, investment clones, social benefit clones, iOS launchers, iOS 15 themes, and photoshops.
Experts consider the fake investment scams among the most hostile, since the threat actors ask their victims to create an account and deposit a certain amount of money for trading. The money is instead diverted to a bank account set up by the scammers.
Also, some of the compromised applications ask their users for $2 to remove online advertisements. The threat actors keep the price low to avoid raising suspicion, betting that they will make money from the sheer volume of downloads.
The trojanized apps disguised themselves as numerous attractive and valuable applications.
Researchers indicated that the trojanized apps included SilentInstaller, Loic, AdPush, SspSdk, SecretVideoRecorder, FakeAntiVirus, WapSniff, PWS.Facebook malware, FreeAndroidSpy, Myteam, Adpush, KeyStroke, and more.
Currently, an app called Top Navigation, which now has more than half a million installations worldwide, is still available on the Google Play Store. The most malicious application among the ones mentioned earlier is disguised as an unofficial WhatsApp mod.
These WhatsApp mods are desirable to users since they offer functions and modes that support the Arabic language, screen widgets, and features not available on the app itself.
The threat actors distribute these apps through malicious websites promoted in social media posts, comments, online public forums, and search engine optimization (SEO) poisoning.
The number of trojanized apps started increasing in January, with users deceived into downloading and installing infected apps. Experts suggest that Android users avoid APK downloads from unknown sources, check reviews, and carefully review the permissions an app requests.