This Google Play app has a banking Trojan that attacks Spanish users

This Google Play app has a banking Trojan that attacks Spanish users

It’s rare for a malicious app to sneak into Google Play or an app store, but it can happen. In fact, it has happened recently. Avast, the security company known for the antivirus program, has discovered an application that contained a banking trojan named Cerberus. The app, which supposedly works as a currency converter, has been downloaded on Google Play in Spain and steals our bank details.

This application, called Currency Calculator, was available for free download on Google Play and was available to all Android users in Spain. According to Avast, which has not provided more information about the app, accumulated more than 10,000 installations, so the Trojan could have affected a large number of users.

For the first few weeks the app seemed to do its job. It was a currency converter without any risk, like the one we see on Google or other applications. The objective was to achieve the highest number of downloads possible and then insert the Cerberus Trojan, which steals our bank details. The attack apparently took place on July 6, 2020, and on a temporary basis. It is a tactic used by hackers to avoid being discovered, since acting in a short period of time is more difficult for them to be detected.

How does this Trojan work?

mobile_apps_payments

The Trojan uses three phases to achieve its objective. FirstThey offer full functionality of the app so that users do not suspect. In this case, the app allowed converting currencies, and apparently did its job. During this first phase the Trojan would not have collected any data from the user, since the objective was not to do it through that application.

The second phase, called ‘dropper’, is the most important. LA real function of the app ‘Currency Calculator’ was not to steal your data, but to download and install another application in the background. Specifically, a banking app that replaces the one on your phone. In this way, the user may not even know that they have a new app on their phone.

As soon as the user accesses that bank app with their credentials, the Trojan will be activated. Here begins the third and final phase: data collection. The virus is capable of detecting all bank details, passwords and even authentication codes for SMS and messages. So you can easily withdraw money from your account or make transactions with your data.

While the Trojan has been active for a short period of time, could have been enough to affect a large number of users. Avast has already reported the problem to Google to remove the app as soon as possible. At the moment we do not know if Google has taken measures, but it seems that the app has already been removed from the Play Store.

How to prevent our bank details from being stolen

Google-Play-Protect

If you haven’t downloaded a currency calculator app recently, you shouldn’t worry, even if you don’t let your guard down. This application started appearing on Google Play in March. If you have downloaded a similar app, it is best to check that it is verified by Google Play Protect. In addition, it is recommended that you change the password for your bank account.

You should also check that your bank’s app is the official one.





Other news about … Google, Security

Leave a Reply

Your email address will not be published. Required fields are marked *