everthing

These Android apps can steal money from your bank account; delete them now

by

Be careful Android users. According to security researchers at Trend Micro, there is a growing number of apps that contain malware aimed at collecting users’ personal banking information. Such data includes victim’s banking information, PINs, passwords, and other information that could help the attackers steal an online banking app.
The malware can also intercept text messages and take over infected handsets. Intercepting text messages is bad enough, but stealing bank information is something that can hit your wallet.

Dropper apps spread malware that can steal money from Android users’ banking apps

The apps that help to get the malware past the Google Play Store protection are called dropper apps. They are aptly named because these apps have a payload consisting of malicious apps installed on an infected handset. In its report, Trend Micro writes, “Malicious actors have covertly added a growing number of banking Trojans to Google Play Store via malicious droppers this year, demonstrating that such a technique is effective at evading detection.”

In addition, due to the high demand for new ways to distribute mobile malware, several attackers claim that their droppers could help other cybercriminals spread their malware on the Google Play Store.” Late last year, Trend Micro discovered a new variant of dropper that it called DawDropper.These apps were originally found in the Google Play Store under the titles:

  • Call Recorder APK (com.caduta.aisevsk)
  • Rooster VPN (com.vpntool.androidweb)
  • Super Cleaner – hyper & smart (com.j2ca.callrecorder)
  • Document Scanner – PDF Creator (com.codeword.docscann)
  • Universal Saver Pro (com.virtualapps.universalsaver)
  • Eagle photo editor (com.techmediapro.photoediting)
  • Call recorder pro+ (com.chestudio.callrecorder)
  • Extra Cleaner (com.casualplay.leadbro)
  • Crypto utilities (com.utilsmycrypto.mainer)
  • FixCleaner (com.cleaner.fixgate)
  • Just In: Video Motion (com.olivia.openpuremind)
  • com.myunique.sequencestore
  • com.flowmysequto.yamer
  • com.qaz.universalsaver
  • Lucky Cleaner (com.luckyg.cleaner)
  • Simpli Cleaner (com.scando.qukscanner)
  • Unicc QR Scanner (com.qrdscannerratedx)

Although Google launched these apps from the Play Store, they may still be on your Android phone. If so, remove them immediately.

Trend Micro adds that “DawDropper’s malicious payload belongs to the Octo malware family, a modular and multi-stage malware capable of stealing banking information, intercepting text messages and hijacking infected devices. Octo is also known as Coper and has historically been used to target Colombian internet banking users.”

Google is also making policy changes to the Google Play Store, including banning copycat apps

A Google support page (via 9to5Google) also reveals new policy changes being made to the Play Store, including one starting September 30 that will prevent developers from showing full-page ads in mobile games installed from the Play Store if they can’t be closed after 15 seconds. There is an exception if the ad is opt-in and is used to unlock rewards for game players. Also prohibited are unexpected interstitial ads that appear before the loading screen appears, or when a new level begins.
Apps that copy icons, logos, designs, or titles from other apps will be banned from August 31. Also on that date Google is going to ban certain VPN apps. These are apps that use a Virtual Private Network (hence the designation “VPN”) that transmits a user’s Internet activity over an encrypted connection, preventing others from seeing what he or she is doing. The ban applies to VPN apps that use the “VPNService” class (which is used to establish a VPN connection) to track user data or redirect internet traffic to generate “clicks” for ads.

Ironically, one app that can be affected is the “App Tracking Protection” app from the pro-privacy company DuckDuckGo, which creates VPNs to block trackers in other apps.