Yes, ladies and gents, we're afraid it's that time of the month again. The time to peruse the list of apps installed on your Android device to try to spot malicious titles that might be out to get you.
As paranoid as it sounds to the untrained ear, that almost always proves fruitful (in a bad way) for a significant number of users, who simply don't seem to be protected well enough by Google. The latest in-depth research conducted by cybersecurity firm ThreatFabric over the span of several months reveals a grand total of four malware families that wreaked havoc pretty much worldwide using a very particular set of spine-chilling skills.
More than 300,000 people could still be in danger
Now that's a scary number, and the scariest thing might be the way these malicious Anatsa, Hydra, Ermac, and Alien campaigns were found to operate between the months of June and November of this year.
In a nutshell, ThreatFabric researchers discovered a bunch of Android apps were used as "trojan droppers" in a large number of markets around the world, garnering decent reviews by offering legitimately useful features while secretly aiming to harvest sensitive financial information without owner approval.
The truly devious nature of the newly unearthed banking trojans arises from their activation, which happened sporadically, cancelling out most of the red flags normally associated with this type of threat.
Otherwise put, not all users in all countries were attacked, and the ones who did become victims of the huge security breach were targeted at different times, as illustrated in the handy graph above. For many people, the malicious apps never stopped working as advertised, only occasionally asking for permission to install essential updates that were in fact trojan droppers.
That way, the bad actors behind the apps could evade Google's Play Store protections upon their original installation, posing and oftentimes working as legitimate PDF document scanner, QR scanner, or two-factor authentication services.
Overall, it is estimated that more than 300,000 infections resulted from these widespread "campaigns" in four months, and while it's not entirely clear how many of those users may still have their banking details at risk, you should probably take all the necessary precautions if you have reason to believe that might be the case.
This is the full list of malicious apps you need to delete ASAP
The first and most important security measure you have to employ as soon as possible, of course, is to uninstall these apps from your Android phone:
Two Factor Authenticator (package name com.flowdivision)
Protection Guard (com.protectionguard.app)
QR CreatorScanner (com.ready.qrscanner.mix)
Master Scanner Live (com.multifuction.combine.qr)
QR Scanner 2021 (com.qr.code.generate)
QR Scanner (com.qr.barqr.scangen)
PDF Document Scanner - Scan to PDF (com.xaviermuches.docscannerpro2)
Because some of the apps in question have incredibly generic, similar, or even identical titles, the package names should help you more easily distinguish them from the Google Play pack.
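One way to check a phone against the package names listed above from a computer, as an added example that is not part of the original article. It assumes adb is installed and USB debugging is enabled on the phone; the function names are illustrative.

```shell
#!/bin/sh
# Package names copied from the list in the article above.
FLAGGED_PACKAGES="com.flowdivision
com.protectionguard.app
com.ready.qrscanner.mix
com.multifuction.combine.qr
com.qr.code.generate
com.qr.barqr.scangen
com.xaviermuches.docscannerpro2"

# Reads `pm list packages` output ("package:<name>" per line) on stdin and
# prints every flagged package found. Matching is exact and whole-line, so a
# similarly named app such as com.qr.code.generate.pro is not reported.
find_flagged() {
    tr -d '\r' | sed -n 's/^package://p' | grep -Fx -e "$FLAGGED_PACKAGES" || true
}

# Queries the connected phone. Returns 0 if clean, 1 if a flagged app is
# installed, 2 if adb could not list packages (so a failure is never
# mistaken for a clean result).
check_device() {
    listing=$(adb shell pm list packages) || {
        echo "adb failed: is the phone connected and authorized?" >&2
        return 2
    }
    hits=$(printf '%s\n' "$listing" | find_flagged)
    if [ -n "$hits" ]; then
        printf 'Flagged apps installed:\n%s\n' "$hits"
        echo "Remove each one with: adb uninstall <package name>"
        return 1
    fi
    echo "None of the listed packages are installed."
}

if [ "${1:-}" = "--device" ]; then
    check_device
else
    # Constructed sample listing (not real device output) for an offline run.
    printf 'package:com.android.chrome\npackage:com.flowdivision\n' | find_flagged
fi
```

Run it with `--device` to query the connected phone; without arguments it only processes the constructed sample.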
You can find an app's package name simply by searching for it on your web browser, and if you do identify any of the malicious apps listed above on your phone, it might be a good idea to contact your bank and see what they can do to help better protect your data.
There's a list of specific banks targeted by the Anatsa, Alien, Hydra, and Ermac trojans, by the way, but it's far too long to copy and paste here, covering numerous top financial institutions across the old continent, Australia, Asia, and of course, the United States.
Of those generic-sounding apps, Free QR Code Scanner (from developer QrBarCode LDC) alone crossed the 50,000 install milestone before Google finally ejected it from the Play Store, so you might want to start your search there.
For what it's worth, all of these particular apps have been removed from the official Play Store after their true intentions were discovered, but if history is any indication, it won't be long until other bad actors are found.
Adrian, a mobile technology enthusiast since the Nokia 3310 era, has been a dynamic presence in the tech journalism field, contributing to Android Authority, Digital Trends, and Pocketnow before joining PhoneArena in 2018. His expertise spans across various platforms, with a particular fondness for the diversity of the Android ecosystem. Despite the challenges of balancing full-time parenthood with his work, Adrian's passion for tech trends, running, and movies keeps him energized. His commitment to mid-range smartphones has led to an eclectic collection of devices, saved from personal bankruptcy by his preference for 'adequate' over 'overpriced'.