Multiple malware on Play Store has accumulated 2 million downloads

Antivirus software developer Dr.Web’s research team found multiple malware in the Google Play Store. Google removed most of the malware after it was notified in May. However, there is still 5 malware available for download in Google Play Store, including:

• PIP Pic Camera Photo Editor – 1 million downloads, malware masquerading as image-editing software, but which steals the Facebook account credentials of its users.
• Wild & Exotic Animal Wallpaper – 500,000 downloads, an adware trojan that replaces its icon and name to ‘SIM Tool Kit’ and adds itself to the battery-saving exceptions list.
• ZodiHoroscope – Fortune Finder – 500,000 downloads, malware that steal Facebook account credentials by tricking users into entering them, supposedly to disable in-app ads.
• PIP Camera 2022 – 50,000 downloads, camera effects app that is also a Facebook account hijacker.
• Magnifier Flashlight – 10,000 downloads, adware app that serves videos and static banner ads.

The cumulative downloads have exceeded 2 million times. Most apps are full of bad reviews. Because the hacker does not provide actual functions, it only attracts users to download and install with various fancy pictures and text introductions.
After installation, malicious components are launched to disguise themselves as other things, then it started to force users to click on the ads that pop up on the screen to make money for the hackers.

In addition to the mandatory pop-up advertisements, there are also Trojan-carrying apps. The malware steals users’ website login credentials, including Facebook and bank accounts and identities.

It is worth noting that with the popularity of 2FA, malware is now also monitoring notifications to steal 2-step verification codes. In this way, with the stolen account password, hackers can directly log in to the user account, and you don’t need to work hard to trick the user.

Via: bleepingcomputer