On the Google Play Store, a group of cybersecurity researchers from Dr. Web Antivirus discovered some data-stealing malicious apps. The malware disguised as apps was identified in May 2022, and some of them are still active on the Google Play Store, waiting to be downloaded by unwitting Android users.
Some of the apps ask users to log in using their Facebook accounts, which allows attackers to steal passwords and other authorisation information.
Adware apps and data-stealing Trojans were among the most common Android dangers in May 2022, according to Dr. Web antivirus analysts. Spyware apps that can steal information from other apps’ alerts are at the top of the list, mostly to obtain one-time 2FA passcodes (OTP) and take over accounts.
Apps that are hazardous
The following are some of the harmful apps that have been detected and are still available on the Google Play Store:
Magnifier Flashlight
This was disseminated under the pretense of a flashlight application called “Magnifier Flashlight.” It removed its icon from the home screen menu’s app list and displayed advertisements in the form of movies and banners on a regular basis. The app has been downloaded 10,000 times.
Wild & Exotic Animal Wallpaper—
According to the researchers, this software tries to hide from the user by changing its name to ‘SIM Tool Kit’ and replacing the app’s icon with a less visible one. Furthermore, this software asked the user’s permission to be added to the list of battery-saving feature exclusions. This would allow the trojan to show adverts even if the user has not used the program in a long time. On the Google Play Store, this app has already received over 500,000 downloads.
Trojans that steal data have also been uncovered and can be used to gain access to Facebook accounts. According to the researchers, they were distributed through image-editing tools like PIP Pic Camera Photo Editor.
PIP Camera 2022
Camera Photo Editor
Light Exposure photo Editor
“These trojans solicit potential victims to connect into their Facebook account under a variety of pretexts (for example, to reportedly unlock their full functionality or block in-app adverts).”
The researchers noted that “then they steal the entered logins, passwords, and other authorisation data and send it to cybercriminals.”