Friday, March 29, 2024
HomeTechThese two apps can empty your bank account and have been downloaded...

These two apps can empty your bank account and have been downloaded thousands of times: delete them from your mobile

-


Be very careful with these two apps: they pose as seemingly harmless task managers, but they can empty your bank account.

These two apps can empty your bank account and have been downloaded thousands of times: delete them from your mobile

At the beginning of the year we already had to report on the spawn of Xenomorpha dangerous Trojan, capable of steal banking app login details, and even intercept one-time codes received by SMS. Thanks to his techniques, he managed to become one of the most widespread and dangerous trojans available on Android.

Now, Xenomorph has returned to the Google Play Store. As reported by the specialized cybersecurity portal hispasecthe Zscaler ThreatLabz research team has discovered new apps infected with Xenomorph in the app store of Android devices.

These apps accumulate thousands of downloads by users, as they pose as seemingly harmless tools. However, inside they hide one of the virus most dangerous that exist today.

android apps

Applications on an Android smartphone.

The Trojan hides in two seemingly harmless applications

As the researchers have indicated, the malware hides in two seemingly harmless apps: a task manager and an app to keep track of expenses. Their names are “Todo: Day manager (com.todo.daymanager) Y “Expense Keeper (com.setprice.expenses)”.

Once either of the two applications is installed, user is prompted to grant access permission to obtain advanced privileges and be able to carry out the next step of the attack, which consists of download the malware itselfhosted on GitHub.

Google Play Store screenshot of two apps with malware

The two apps infected with Xenomorph.

With the malware already installed on the victim’s device, Xenomorph carries out the rest of the attackattempting to steal banking app credentials and intercepting text messages and notifications so that it is able to steal one-time verification codes.

This is not the first Trojan to take advantage of android accessibility permissions to take control of devices and infect them. For that reason, it is very important decide well what type of permissions are granted to each applicationand it is recommended to use this type of advanced permissions only in those apps from trusted developers and with some popularity within Google Play.

For you

© 2022 Difoosion, SL All rights reserved.



Source link

andro4all.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular