

Zscaler Uncovers Malicious Apps on Google Play with 5.5 Million Downloads


More than 90 Android apps on Google Play have been found to contain malware, as identified by cloud cybersecurity firm Zscaler. These apps, downloaded over 5.5 million times, often masquerade as PDF or QR code readers but install data-stealing malware through updates.

These malicious apps, such as “PDF Reader & File Manager” by TSARKA Watchfaces and “QR Reader & File Manager” by Risovanul, secretly collect user data and display fake banking login pages to steal financial credentials. Although both apps, which had over 70,000 downloads combined, have been removed from the Play Store, they still pose a risk to users who previously installed them.

Key indicators of these apps being illegitimate include unrecognizable developer names and the use of free Gmail accounts for support, rather than professional email addresses.

Zscaler’s analysis highlights that most malware-infected apps fall under the “tools” category, with some also posing as “personalization” or photography apps. The study particularly focused on the Anatsa malware but also found other malware families such as Joker, Adware, Facestealer, and Coper.

Although Anatsa and Coper account for only 2% and 1% of malware distribution, respectively, both are significant banking trojans. Zscaler noted multiple instances of Coper malware in the Google Play store last year.

Even apps on trusted platforms like Google Play Store or Apple’s App Store are not always safe. New banking trojans, such as “Brokewell,” surfaced in April, allowing attackers full access and remote control of victims’ devices. Android malware has been a persistent threat, with Anatsa malware appearing earlier this year and in 2022.

Stay vigilant when downloading apps, even from trusted sources, to protect your data and financial information.
