Security researchers have observed an increasing flood of trojans on the official Android store. Most of the trojan-laden apps are used in different scams and cause financial losses or steal sensitive personal information.

The trojan rush

A recent report by Dr. Web disclosed that the malicious apps are offered as cryptocurrency management apps, Gazprom investment clones, social benefit aid tools, an iOS launcher (themed after iOS 15), and photo editors.
  • Most fake investment apps ask victims to create a new account and deposit money for trading; the deposits are eventually diverted to the scammer's bank account.
  • Some apps ask for $2 to remove ads.
  • Other apps load affiliate service sites and sign up victims for paid subscriptions by using the Wap Click technology.

Detected trojans

  • The detected malicious apps include SecretVideoRecorder, FakeAntiVirus, KeyStroke, WapSniff, FreeAndroidSpy, SilentInstaller, Loic, AdPush, SspSdk, Myteam, Adpush, and PWS.Facebook malware, among others.
  • One of the apps, Top Navigation, is available to download on the Play Store and has over 500,000 installations.

Among all the apps, the major threat was posed by unofficial WhatsApp mods. 

WhatsApp mod apps

Some apps present themselves as WhatsApp modifications such as OBWhatsApp, GBWhatsApp, or WhatsApp Plus. 
  • These apps are spreading through malicious websites that are promoted via social media posts, forums, and SEO poisoning.
  • These mods are popular because they offer features such as support for the Arabic language, home screen widgets, and other features that do not come with WhatsApp.
  • These trojanized apps come with bundled malware that tries to snatch notifications from the Samsung Galaxy Store and Google Play Store by using the Flurry stat service.

Conclusion

The increase in trojanized apps has been ongoing since January, and users are being tricked into installing such fake apps. Therefore, Android users are advised to avoid APK downloads from unknown sources, check user reviews, and monitor the permissions requested by each app.
Cyware Publisher
