Cybersecurity experts Threatfactor have discovered 12 Android applications that can bypass Play Store’s security mechanisms and steal data from banking applications, Kommersant reported.
Such applications download malicious content only in certain regions, including Russia. They are disguised as document and QR code scanners. According to the publication, fraudulent applications track the data of Sberbank, Tinkoff Bank, Uralsib, Pochta Bank and OTP Bank.
Russia, the USA, Great Britain and other countries are targeted by the Anatsa group apps, which have been installed 200,000 times. The publisher Qrbarbode LDC’s QR code scanner from this group has been downloaded over 50,000 times. The specialists noted that the applications work exactly as described, there are many positive reviews on their pages.
The company said that after installation, the application determines whether it is worth downloading the virus to the phone. If so, the application asks the user to download the “update” and allow the installation of unknown applications. Instead of updating, malicious code is downloaded, which then requests full access to the phone. Among the malicious applications, experts found a fitness program. To download the malicious code, the application says that the “update” will add new workouts and exercises.