How criminals get Android users to install fake versions of popular apps

June 5, 2021

There is a new threat for Android users that has come to light in the latest report by Bitdefender.

According to their report, cybercriminals are offering new malicious Android applications that impersonate popular apps but are infected with TeaBot and Flubot that are from banker trojan families.

The Teabot trojan can carry out overlay attacks via Android Accessibility Services, intercept messages, perform various keylogging activities, steal Google Authentication codes, and even take full remote control of Android devices.

Hackers imitate top-rated apps with the hopes of tricking at least some users into downloading and installing their malicious versions. The researcher claims that fake apps housing the Teabot payload are based on popular apps residing on Google Play, some with as many as 50 million downloads.

The report also found that hackers have also been spreading Teabot using a fake Ad Blocker app that acts as a dropper for the malware.

“The fake Ad Blocker apps don’t have any of the functionality of the original version. They ask permission to display over other applications, show notifications, and install applications outside of Google Play, after which they hide the icon,” said the report.

Besides this, the other trojan that has been spotted is called Flubot. This is more widespread internationally, predominantly in Germany, Spain, Italy and the UK.

Unlike Teabot, which is sometimes dropped by an app posing as an ad blocker, Flubot operators have a much more direct campaign, using spam SMS as a means of delivery.

Flubot is said to steal banking, contact, SMS and other types of private data from infected devices, and has an arsenal of other commands available, including the ability to send an SMS.

According to the report, Android users can avoid infection with either of these two threats by never installing apps from outside the official store. It also advises to never tap on links in messages and always be mindful of your Android apps’ permissions.

https://cio.economictimes.indiatimes.com/news/digital-security/how-criminals-get-android-users-to-install-fake-versions-of-popular-apps/83253577


Leave a Reply