Despite Google's extensive efforts to keep the Google Play Store clean of malicious applications with bank trojans, security researchers reveal that several applications are "escaping" and are finally available to users.
Recent security researchers from various European organizations have revealed on Twitter their findings for several banking trojans within the Play Store.
Lukas Stefanko, her researcher ESET antivirus, found 3 from these banking trojans, which were considered in applications for zodiac and horoscopes. But what these applications could do was a lot more than that, SMS and call logs, sending SMS from the user's device without his consent, downloading and installing applications without the user's consent, and theft of credentials from bank accounts thanks to embedded banking trojans.
Before publishing Stefanko's findings on Twitter, he advised Google, which in turn removed applications from the Play Store. However, as apps were available for several days, one of them had more than 1000 downloads.
It is important to note that the reason why applications were not identified as malicious from the outset is because they had a very low detection rate. Some of them had just 12 (from 60) positive results on the VirusTotal platform.
Android Legitimate Spyware with 10M + installs.
App #Only owned by Facebook, is a VPN service that collects your:
- installed / opened apps
- visited websites
This app should hide your traffic & increase privacy, instead it collects it. pic.twitter.com/gvhYDhphk2
- Lukas Stefanko (@LukasStefanko) 31 August 2018
Finally, apps that say signs are not the only ones we should be afraid of. A VPN application by Onavo (owned by Facebook) collected information from users such as the location, the pages they visit, the applications they use, and others, which one would not expect from an application designed to be anonymous.