A group of cybersecurity researchers at Dr. Web Antivirus has identified several information-stealing malware apps on the Google Play Store. The malicious apps were discovered in May 2022, and some of them are still active on the Play Store and being downloaded by unsuspecting Android users.
Some of the apps ask users to log in with their Facebook account, then hijack the passwords and other authorization details and send them to cybercriminals.
Analysts at Dr. Web Antivirus report that adware apps and data-stealing trojans were among the most prominent Android threats in May 2022. At the top of the report are spyware apps that can steal information from other apps’ notifications, primarily to snatch one-time 2FA passcodes (OTP) and take over accounts.
The dangerous apps
Some of the dangerous apps identified that are still active on the Google Play Store include:
Wild & Exotic Animal Wallpaper – According to the researchers, this app tries to hide from the user by replacing its icon with a less noticeable one and changing its name to “SIM Tool Kit”. It also requested permission from the user to be added to the battery-saving feature's exceptions list, which would allow the trojan to display ads even when the device owner had not used the app for a long time. This app already has over 500,000 downloads on the Google Play Store.
Magnifier Flashlight – This trojan was spread under the guise of a flashlight application. It hid its icon from the apps list on the home screen menu and periodically displayed advertisement videos and banners. The app has had 10,000 downloads.
Others uncovered are trojans designed to steal data that can be used to hack into Facebook accounts. According to the researchers, they were spread through image-editing apps like:
PIP Pic Camera Photo Editor
PIP Camera 2022
Camera Photo Editor
Light Exposure Photo Editor
“Using a number of pretexts (for example, to allegedly unlock their full functionality or disable in-app ads), these trojans ask potential victims to log into their Facebook account. Then they hijack the entered logins, passwords and other authorization data and send this information to cybercriminals,” the researchers explained.