Remove These Newly Discovered Malicious Apps from Your Android Device

Security research group Zscaler has reported the discovery of more than 90 malicious Android apps available on the Play Store. These apps, collectively installed over 5.5 million times, are part of the ongoing Anatsa malware campaign targeting over 650 apps tied to financial institutions.

As of February 2024, Anatsa has infected at least 150,000 devices through several decoy apps, many disguised as productivity software. While most of the apps involved in this latest attack remain unidentified, two known examples are PDF Reader & File Manager and QR Reader & File Manager, which had over 70,000 installs combined at the time of Zscaler’s investigation.

How These Malicious Apps Infect Your Phone

Despite Google’s rigorous review process for Play Store apps, malware campaigns like Anatsa can evade detection by using a multi-stage payload loading mechanism. These apps masquerade as legitimate software and only begin their malicious activities once installed on a user’s device.

For example, you might download a seemingly innocent PDF reader, but once installed and opened, the “dropper” app connects to a C2 server to retrieve necessary configurations and strings. It then downloads a DEX file containing the malicious code, activates it on your device, and completes the infection process by downloading the Anatsa payload URL.

What to Do If You Have These Apps

Fortunately, all identified malicious apps have been removed from the Play Store, and their developers have been banned. However, this does not automatically delete the apps from your device. If you have either PDF Reader & File Manager or QR Reader & File Manager installed, uninstall them immediately. Additionally, change the passcodes of any banking apps you’ve used on your device to prevent unauthorized access to your accounts.

How to Avoid Malware Apps

While avoiding all malware can be challenging, there are steps you can take to minimize your risk:

  1. Scrutinize App Listings: Pay close attention to the app’s name, description, and images. Ensure they align with the advertised service. Poorly written descriptions or mismatched information can be red flags.
  2. Trustworthy Publishers: Only download apps from reputable publishers. Verify the developer’s identity, especially if downloading a popular app that could be impersonated by malware.
  3. Check Permissions: Be cautious of apps requesting unnecessary permissions. Avoid apps asking for accessibility features, access to your contacts, or SMS if these permissions are irrelevant to the app’s function.
  4. Read Reviews: Look through the app’s reviews. Be wary of apps with few ratings or overwhelmingly positive reviews that seem fake.
  5. Support Email: Check the support email address provided. Malware apps often use random Gmail or other free email accounts, which can indicate a lack of professionalism.
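
The permission check in step 3 can also be run against an app's manifest before it is installed. The following is an added example, not code from Zscaler or the original article; it assumes the APK's AndroidManifest.xml has already been decoded to plain XML (for instance with apktool), and the sample manifest and package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article singles out as suspicious when irrelevant to the app.
RISKY = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
}

def risky_requests(manifest_xml):
    """Return the sorted risky categories a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # Ordinary permissions are declared with <uses-permission android:name=...>.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name in RISKY:
                found.add(RISKY[name])
    # An accessibility service is not a uses-permission entry: it is a
    # <service> guarded by android:permission="...BIND_ACCESSIBILITY_SERVICE".
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission", "")
        if perm in RISKY:
            found.add(RISKY[perm])
    return sorted(found)

# Constructed sample: a hypothetical "PDF reader" manifest, not a real app's.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(risky_requests(SAMPLE))
```

A document reader that returns any of these categories deserves a closer look; an empty list only means the manifest does not request them.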

While it’s impossible to guarantee complete protection against malware apps, being vigilant about the apps you install and their permissions, developers, and reviews can help you identify and avoid suspicious software.
