The Play Store is still a source of crap: four Trojans are account cleaners

The Play Store is still a source of crap: four Trojans are account cleaners

Four different banking Trojans spread on the Play Store between August and September 2021 to take a harvest of 300,000. infections – reports ThreatFabric. Researchers emphasize that despite the efforts of Google, pests are still raging and criminals use more and more sophisticated methods.

Anatsa (aka TeaBot), Alien, ERMAC, and Hydra – what do they have in common? They are all banking Trojans that the ThreatFabric researchers count among the ranks next-generation malware. A little over a quarter was enough to infect up to 300,000. devices enumerated. Usually without the owner knowing.

While traditional malware works in a zero-one sense, either because it is and is still a threat, or it is not, the next-generation malicious code turns out to be more sublime. It wakes up under certain conditions, such as only in a specific location, and then delays the final attack. So that the aggrieved party cannot associate it with a specific application or event.

New generation, i.e. surgically precise

History is shown as an example ERMAC and Hydra; Trojans not initially used against US residents, and later precisely introduced into that market via a QR code scanning application. Having detected a non-US location, the scanner acted like an honest tool, not sucking up any garbage.

Another pattern is a series of exploitation attacks the TeaBot Trojan. The applications distributing it did not have a single line of malicious code in them, so they took a walk through the Google Play Protect algorithms and the rest of the entanglements. Payload was only downloaded by the update system. Or a website that mimics a remote control panel.

Yet another tactic was chosen by the authors Alien Trojan. They added their pest to the fitness application, but again not directly, but in a package with additional sets of exercises. If the user did not choose to download them, it would remain safe. But who would refuse the gratuity, wouldn’t it?

12 malicious apps on the Play Store

In order not to be groundless, the ThreatFabric team has prepared a list 12 applications found on the Play Store that used the techniques described. Recall that they successfully infected over 300,000. devices. It is not known how many of them remained asleep, but it is undoubtedly better not to tempt fate. And here they are:

  • Two Factor Authenticator (com.flowdivison)
  • Protection Guard (
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multifuction.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)
  • PDF Document (com.xaviermuches.docscannerpro2)
  • Scanner – Scan to PDF
  • PDF Document Scanner (
  • PDF Document Scanner Free (
  • CryptoTracker (
  • Gym and Fitness Trainer (com.gym.trainer.jeux)

Photo source: Unsplash (Łukasz Radziejewski)

Text Source: ThreatFabric, ed. own

About Alex Marcell

He likes dogs, pizza and popcorn. Already a fanboy of Nintendo and Sony, but today throws anything. He has collaborated on sites and magazines such as GameBlast, Nintendo World, Hero and Portal Pop, but today is dedicated exclusively to Spark Chronicles.

Check Also

Samsung Galaxy S22 – all variants, specification and price

The well-known leakster Evan Blass shared the variants of the Samsung Galaxy S22. The taste …

Leave a Reply

Your email address will not be published.