September 27, 2022

COSFONE

Networking, PBX, IT, DIY Solution

Android Trojan app posed as a cleanup app to steal personal information


A new variant of the Super Trojan is now on Google Play: a fake cleanup app that steals personal information.

 

The information security company ThreatFabric recently released a research report pointing out that two apps on the Google Play Store, “Fast Cleaner” and “Pocket Screencaster”, pretend to provide fast cache cleaning for mobile phones but actually open backdoors to steal user data. They are a new variant of banking malware.

 

Android users download the app without realizing what it is. Once the phone is infected, the malicious program secretly performs a series of tasks to steal personal information from the mobile phone server, and uses a stealth version of a keylogging tool to track everything the user types on the device, including the phone PIN code, bank login account passwords, and so on.

 

ThreatFabric said that the new malware variant found in this detection, named “Octo”, is very cunning, like an octopus with lethal tentacles: it can not only bypass the review of Google’s security protection mechanism but also evade multi-factor authentication, making it currently the most dangerous and least conspicuous malicious fraud software.

At present, the malware is found to mainly target Europe, but further expansion to banking and financial institutions around the world cannot be ruled out.

 

Disguised as a tool app that provides a fast cache cleaner for mobile phones, “Fast Cleaner” is actually a malicious variant of a banking Trojan. (Photo by ThreatFabric)

 

“Octo” is cunning because it uses seemingly legitimate tool apps to lure downloads, so that the phone is infected once the app is installed and control of the device is obtained remotely.

What is most easily overlooked is that it also makes the screen display black and sets the brightness to zero, pretending that the phone is shut down or locked while not in use. In fact, it is performing actions such as copying and pasting in the background, and it disables the notification messages of specific applications.

 

Although the two counterfeit apps above have now been removed from the Google Play Store, users should still beware that the malware may be disguised as other apps to bypass review in the future.

It is recommended to keep the mobile device on the latest security updates as far as possible and to install a genuine anti-virus tool that can detect malware.

 


