Great Moto G Stylus deal on Amazon!
Samsung foldable phones incoming
Reserve your Z Fold 6 or Z Flip 6 now and get $50 of instant Samsung credit and a chance to win $5,000!
Jul 10, Wed, 18:00 CDT
00 days
00 hrs
00 mins

Delete these tricky trojan dropper Android apps today or your banking info is in danger

By
6comments
Delete these tricky trojan dropper Android apps today or your banking info is in danger
Yes, ladies and gents, we're afraid it's that time of the year month again. The time to peruse the list of apps installed on your Android device to try to spot malicious titles that might be out to get you.

As paranoid as it sounds to the untrained ear, that almost always proves fruitful (in a bad way) for a significant number of users, who simply don't seem to be protected well enough by Google. The latest in-depth research conducted by cybersecurity firm ThreatFabric over the span of several months reveals a grand total of four malware families that wreaked havoc pretty much worldwide using a very particular set of spine-chilling skills.

More than 300,000 people could still be in danger


Now that's a scary number, and the scariest thing might be the way these malicious Anatsa, Hydra, Ermac, and Alien campaigns were found to operate between the months of June and November of this year.

In a nutshell, ThreatFabric researchers discovered a bunch of Android apps were used as "trojan droppers" in a large number of markets around the world, garnering decent reviews by offering legitimately useful features while secretly aiming to harvest sensitive financial information without owner approval.

The truly devious nature of the newly unearthed banking trojans arises from their activation, which happened sporadically, cancelling out most of the red flags normally associated with this type of threat.

 

Otherwise put, not all users in all countries were attacked, and the ones who did become victims of the huge security breach were targeted at different times, as illustrated in the handy graph above. For many people, the malicious apps never stopped working as advertised, only occasionally asking for permission to install essential updates that were in fact trojan droppers.

That way, the bad actors behind the apps could evade Google's Play Store protections upon their original installation, posing and oftentimes working as legitimate PDF document scanner, QR scanner, or two factor authentication services.

Overall, it is estimated that more than 300,000 infections resulted from these widespread "campaigns" in four months, and while it's not entirely clear how many of those users may still have their banking details at risk, you should probably take all the necessary precautions if you have reason to believe that might be the case.

This is the full list of malicious apps you need to delete ASAP


The first and most important security measure you have to employ as soon as possible, of course, is to uninstall these apps from your Android phone:

  • Two Factor Authenticator (package name com.flowdivision)
  • Protection Guard (com.protectionguard.app)
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multifuction.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)
  • PDF Document Scanner - Scan to PDF (com.xaviermuches.docscannerpro2)
  • PDF Document Scanner (com.docscanverifier.mobile)
  • PDF Document Scanner Free (com.doscanner.mobile)
  • CryptoTracker (cryptolistapp.app.com.cryptotracker)
  • Gym and Fitness Trainer (com.gym.trainer.jeux)
  • Master Scanner Live (leaf.leave.exchang)
  • Gym and Fitness Trainer (gesture.enlist.say)
  • PDF AI: Text Recognizer (com.uykxx.noazg)
  • QR CreatorScanner (com.cinnamon.equal)
  • QR CreatorScanner (com.tag.right)

Because some of the apps in question have incredibly generic, similar, or even identical titles, the package names should help you more easily distinguish them from the Google Play pack. 

Recommended Stories
You can find an app's package name simply by searching for it on your web browser, and if you do identify any of the malicious apps listed above on your phone, it might be a good idea to contact your bank and see what they can do to help better protect your data.


There's a list of specific banks targeted by the Anatsa, Alien, Hydra, and Ermac trojans, by the way, but it's far too long to copy and paste here, covering numerous top financial institutions across the old continent, Australia, Asia, and of course, the United States.

Of those generic-sounding apps, Free QR Code Scanner (from developer QrBarCode LDC) alone crossed the 50,000 install milestone before Google finally ejected it from the Play Store, so you might want to start your search there.

 

For what it's worth, all of these particular apps have been removed from the official Play Store after their true intentions were discovered, but if history is any indication, it won't be long until other bad actors are found.

https://m-cdn.phonearena.com/images/users/242-200/Adrian-Diaconescu.jpg
Adrian Diaconescu Mobile Tech News and Deals Journalist
Adrian, a mobile technology enthusiast since the Nokia 3310 era, has been a dynamic presence in the tech journalism field, contributing to Android Authority, Digital Trends, and Pocketnow before joining PhoneArena in 2018. His expertise spans across various platforms, with a particular fondness for the diversity of the Android ecosystem. Despite the challenges of balancing full-time parenthood with his work, Adrian's passion for tech trends, running, and movies keeps him energized. His commitment to mid-range smartphones has led to an eclectic collection of devices, saved from personal bankruptcy by his preference for 'adequate' over 'overpriced'.

Recommended Stories

Loading Comments...

Popular stories

U.S. government tells some Pixel users to update their phones in 10 days or stop using them
U.S. government tells some Pixel users to update their phones in 10 days or stop using them
T-Mobile does something right for once, quickly reverting controversial recent change
T-Mobile does something right for once, quickly reverting controversial recent change
Google reportedly canceling YouTube Premium subscriptions purchased using VPNs for lower pricing
Google reportedly canceling YouTube Premium subscriptions purchased using VPNs for lower pricing
After delay, T-Mobile's unwelcome Home Internet change is going into effect
After delay, T-Mobile's unwelcome Home Internet change is going into effect
Upcoming Motorola phone will give buyers protection never seen from a major manufacturer
Upcoming Motorola phone will give buyers protection never seen from a major manufacturer
The incredible Galaxy Tab S9 256GB is heavily discounted at Best Buy, but for an extremely limited time
The incredible Galaxy Tab S9 256GB is heavily discounted at Best Buy, but for an extremely limited time

Latest News

Motorola partners with Google to bring Gemini to the 2024 Razr lineup
Motorola partners with Google to bring Gemini to the 2024 Razr lineup
New report puts Samsung ahead of Apple in US smartphone sales, with Motorola a distant third
New report puts Samsung ahead of Apple in US smartphone sales, with Motorola a distant third
I want to buy the Motorola Razr Plus, but I refuse to do so at this price point
I want to buy the Motorola Razr Plus, but I refuse to do so at this price point
Fold 6 & Unpacked: Samsung finally catching up with Chinese foldables? | PA Show E7
Fold 6 & Unpacked: Samsung finally catching up with Chinese foldables? | PA Show E7
Enjoy up to 50 hours of listening with the dirt-cheap Soundcore Space A40 earbuds with this deal
Enjoy up to 50 hours of listening with the dirt-cheap Soundcore Space A40 earbuds with this deal
Xiaomi sells the most TWS earbuds in this country, Apple is distant third
Xiaomi sells the most TWS earbuds in this country, Apple is distant third
FCC OKs Cingular\'s purchase of AT&T Wireless