The app has been downloaded more than 10,000 times and hides a Trojan.
Cybersecurity experts at Avast have discovered a Trojan —another plus— hidden in a calculator app for Android that, once installed on the devices of the victims, it could reach steal your bank details. The attack is aimed at the Spanish public, and currently the application has already been downloaded more than 10,000 times from the Google Play Store.
The malware in question has been dubbed “Cerberus”, and according to experts it is present in a currency conversion application called “Currency Calculator” Apparently, with the aim of sneaking into Google Play and not raising suspicion, during the first weeks since its publication, malicious functions were disabled, but later the brains behind the attack decided to take advantage of their victims.
This is Cerberus, the Trojan that steals your bank details
Once the application is installed on the victim’s device, the user can use it and it fulfills its function without any problem. Also, During its first days, it did not access any type of personal information stored on the device. In this way, attackers reduced the chances that the user would end up uninstalling the app.
But, as the weeks passed, the app in question acted as a “Dropper”, a type of malware that download other malicious applications without the express permission of the user. In this case, the malware in question downloaded an app capable of running at the time the user accessed the app of a bank, to steal the access data as they are entered. According to the researchers, the Trojan was even capable of extract login verification codes and two-step verification that some banks send via text messages.
According to Avast, the server supporting the Trojan was active last Monday, and as of the night of the same day, the server in charge of sending the control commands was no longer available and the malicious code had been removed from the application. However, most likely, the attackers planned to repeat this same strategy in the future. Meanwhile, the researchers have already reported the threat to Google with the aim of removing the application from the store as soon as possible and preventing new devices from becoming infected with malware.
It is clear that, in the middle of 2020, these types of cases arise more frequently than we would like, and Android security remains a controversial topic. Throughout this year, we have already had to report several cases of malware and malicious applications discovered on Google Play, and it does not appear that the situation will change in the short term. Meanwhile, all we have left is to try download only apps from reputable developers and not grant sensitive permissions to applications that need it, as long as these are not essential for its operation.
By the way! We have a new episode of our podcast! Listen Connecting on Ivoox and Spotify.