New deletion warning
Google has its finger on the deletion button – and that’s good. Twice in a few days, security researchers have called on the speed at which Google’s team removes threats from its toy store. Yes, it shouldn’t have been there in the first place, but at least now they are gone. But remember, you must also delete applications on your phone.
A week ago, I mentioned in an “extensive and sophisticated advertising fraud program” with more than 56 million downloads for 180 malicious applications. Research from DES It broke a dangerous new campaign “imitating legal applications” in various popular categories – readers of documents, lenses, horoscopes. The team described the attack as “Vapor” as “its ability to” evaporate “any real functionality from applications”, leaving only interventional ads.
Users really need to kill the habit of downloading these empty applications from little known developers. The Google Play Store Purge last year, increased thresholds and new applications quality warnings will all help. But eventually a change in users’ behavior is needed.
Now the threat of Zscaler has destroyed another empty application that does significant harm and not good. “A popular app on the Google Play Store,” he says, “with over 220,000 shots that was actually a downloader for Anatsa (also known as Teabot) Android Banking Trojan. The application is disguised as a file manager and reader of documents.”
I covered Anatsa almost a year ago, when Threatening He warned that the dropper is specifically targeting Samsung. “Bad accessibility was customized to interact with Samsung’s UI items … This suggests that threats originally developed and tested exclusively their code for Samsung devices.”
At that time, the researchers warned that “there are opportunities for future adjustments to target other manufacturers”, with other drops that “did not contain such a specialist code for the manufacturer, threatening all devices regardless of the seller”. This paints a good picture of calculating these attacks. And Anatsa is particularly unpleasant.
As Zimbe Explains, “Teabot is a Trojan Android banking targeting the largest number “fishing”.
Suffice it to say that this is disappointing this is still deceived by the Play Store. Check for the app and delete it now if you are one of those 200,000 influenced users. And please be aware of the applications you install, especially in these categories of Catnip.
Also make sure that Play Protect is on on your phone. Each time Google removes an application, it informs its defenses to ensure that this threat cannot grow again. It is clear that those who develop malware adjust their code to slip through the net, and this leads this endless cat and mice game with Google.
