Android smartphone users are being warned about dozens of apps discovered on the Google Play Store that are loaded with dangerous malware.
Android is one of the most used pieces of software in the world, with more than two billion active devices running Google’s mobile OS every month.
And the go-to place for downloading Android apps is the Google Play Store, home to millions of apps with many available free of charge.
However, Android fans are being warned after cybercriminals managed to sneak almost 30 apps onto the Google Play Store loaded with banking malware.
Security experts at ESET discovered malicious software on the Google Play Store disguised as device cleaners, battery managers and horoscope apps.
The malware campaign was a “sophisticated” and “complex” one that relied on “a heavy focus on stealth”.
Unlike other malware threats that use fake login screens, this malicious software enabled attackers to send and receive texts on infected devices.
This would then enable them to bypass multifactor authentication (MFA) protocols which otherwise would have protected internet banking data.
It can also download any additional apps of the attackers’ choice and also impersonate any app installed on a compromised device.
In a post online, ESET advised Android fans how to stay safe in the face of this nefarious threat.
They said: “Fortunately, these particular banking Trojans do not employ advanced tricks to ensure their persistence on affected devices.
“Therefore, if you suspect you have installed any of these apps, you can simply uninstall them under Settings > (General) > Application manager/Apps.
“We also advise you to check your bank account for suspicious transactions and consider changing your internet banking password/PIN code.”
ESET said while the offending apps were uploaded under different developer names and guises it looks to be the work of a single attacker.
Click here to be directed to the page showing a full list of all the affected Google Play Store apps.
All of the offending apps have now been removed from the Google Play Store but make sure if you installed any of them they are deleted from your device.
ESET also offered advice to Android users on how to stay safe from security threats.
The experts advised:
• Only download apps from Google Play; this does not ensure the app is not malicious, but apps like these are much more common on third-party app stores, where they are rarely removed once uncovered, unlike on Google Play
• Make sure to check the number of downloads, app ratings and the content of reviews before downloading apps from Google Play
• Pay attention to what permissions you grant to the apps you install
• Keep your Android device updated and use a reliable mobile security solution