If you use an Android phone then you will have to be careful before you download an app. Several researchers have found that more than 3,00,000 users have downloaded a banking trojan malware, unaware, as it also managed to circumvent the Google Play Store's security.
Some commonly downloaded apps are a cover for 4 kinds of malware, one of which puts users' financial data and money at huge risk as it bypasses multi-factor authentication on banking-related apps on smartphones and sends the information to hackers.
Several researchers at ThreatFabric have said that popular apps like QR code readers, document scanners, fitness monitors, and cryptocurrency trading platforms are not always authentic.
Here is a list of some of these apps.
- Two Factor Authenticator
- Protection Guard
- QR CreatorScanner
- Master Scanner Live
- QR Scanner 2021
- PDF Document Scanner - Scan to PDF
- PDF Document Scanner
- QR Scanner
- CryptoTracker
- Gym and Fitness Trainer
It is important to know that hackers are using four kinds of malware that steal the personal information of the users. While the malware remains inactive till the app is installed, it becomes active after the app is installed.
The most common malware is Anatsa which researchers have said has been downloaded by 2,00,000 Android users. It has been named as an "advanced" banking trojan. The other three forms of malware that researchers managed to find are Alien, Hydra, and Ermac.
All these malware forms do not become active until the app is installed by the user.
ThreatFabric has said that it has already informed Google about such apps and while some of them have been removed, others are under review. The researchers have listed all the apps tainted by the four malware forms on its blog, which includes popular apps such as YONO Lite by State Bank of India and PayPal.