Remove These Recently Found Harmful Programs from Your Android Gadget
This week, cybersecurity firm Zscaler stated that they discovered over 90 malevolent Android applications present on the Play Store. These apps have been installed more than 5.5 million times combined, with many of them participating in the persistent Anatsa malware campaign, which has targeted over 650 financial institution-related apps.
As of February 2024, Anatsa had contaminated at least 150,000 devices using a range of deceptive programs, including productivity tools. Although the identities of most of the implicated applications in the current attack are unknown, we know about two: PDF Reader & File Manager and QR Reader & File Manager. At the time of Zscaler's investigation, the two apps had gathered around 70,000 installs among them.
The mechanism by which these harmful apps infect your phone
Despite Google's strict review process for apps submitted to the Play Store, malware campaigns such as Anatsa are cunning and can employ a multi-stage payload loading technique to circumvent these reviews. These sneaky apps present as legitimate and only initiate a secret infection after being installed on the user's mobile device.
You might assume you're downloading a PDF reader, but once installed and activated, the "dropper" app will contact a C2 server and retrieve the configurations and essential strings it needs. After that, it'll download a DEX file carrying the destructive code and enable it on your device. From there, the Anatsa payload URL is obtained through a configuration file, and this DEX file installs the malware payload, thereby infecting your phone.
Luckily, all identified apps have been pulled from the Play Store, and their developers have been prohibited. However, this won't eliminate these apps from your smartphone if you've downloaded them. If you possess either of these two apps on your phone, remove them immediately. You should also update the passcodes of any banking apps you've used on your phone to ward off the threat actors behind Anatsa.
Strategies to avoid malware apps
Although malicious program developers can be deceptive with their attacks, there are several measures you can take to determine whether an app on the Play Store is genuine. Begin by taking a thorough look at the app's listing: Inspect its name, description, and images; ensure they align with the service the developers advertise. Is the copy well-written, or is it riddled with mistakes? The more amateur the page appears, the more likely it is to be bogus.
Only download apps from trusted publishers. This is particularly critical if you're installing a popular app, as malware apps often mimic well-known apps on phones and other devices. Verify the developer behind the app to ensure they're who they claim to be.
Examine the requirements and permissions the app asks for as well. Anything requesting accessibility service access should generally be avoided, as this is a common way for cybercriminals to bypass the security measures found on many newer devices. Other permissions to monitor include apps requesting access to your contact list and SMS. If a PDF reader wants your contacts, that's a big red flag.
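The permission review described above can be automated for a decoded AndroidManifest.xml (for example, the output of an APK decoding tool). The script below is an added example, not code from the article or from Zscaler; the manifest it checks is a constructed sample of a supposed "PDF reader" that asks for contacts and declares an accessibility service, and the set of flagged permissions is limited to the ones the article names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Permissions the article singles out as red flags for a utility app such as a PDF reader.
RISKY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contact list access",
    "android.permission.READ_SMS": "SMS access",
    "android.permission.RECEIVE_SMS": "SMS access",
}


def review_manifest(manifest_xml: str) -> list[str]:
    """Return human-readable findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    # <uses-permission android:name="..."/> entries declare what the app will request.
    for perm in root.iter("uses-permission"):
        name = perm.get(NAME_ATTR, "")
        if name in RISKY_PERMISSIONS:
            findings.append(f"{name}: {RISKY_PERMISSIONS[name]}")
    # An accessibility service is declared as a <service> guarded by the
    # BIND_ACCESSIBILITY_SERVICE permission; a PDF reader has no reason to have one.
    for svc in root.iter("service"):
        if svc.get(PERMISSION_ATTR) == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings.append(f"{svc.get(NAME_ATTR)}: declares an accessibility service")
    return findings


# Constructed sample manifest (not from any real app) used to exercise the check.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="PDF Reader">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for finding in review_manifest(SAMPLE_MANIFEST):
        print(finding)
```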
Browse the app's reviews. Watch out for apps with few ratings or ones where all the reviews seem unusually enthusiastic.
The app's support email address can also provide vital clues. Many malware apps will have a random Gmail account (or other free email account) linked to their support email. While not all apps will have a professional email listed, you can usually determine if something seems suspicious based on the information provided.
Unfortunately, there's no foolproof method to avoid malware apps unless you never install any. However, if you're thoughtful about the apps you install and pay attention to the permissions, developer, and other crucial details, you can typically discern whether or not an app is questionable.
Despite the Play Store's rigorous app review process, tech-savvy malware developers can bypass it by using multi-stage payload loading techniques. Consequently, malicious apps like the ones linked with the Anatsa malware campaign can often slip through undetected, concealing their harmful intentions until installation.
Being aware of this, it is crucial to stay vigilant when downloading apps from the Play Store, and to be particularly wary of 'tech'-related apps that may contain malware. To minimize the risk of accidentally downloading harmful apps, consider adopting rational app selection practices, such as thoroughly scrutinizing app descriptions and permissions before installation.