
A new trojan, PlayPraetor, is targeting users via fraudulent Google Play pages that prompt them to download a malicious APK app.
Once installed, the malicious applications can harvest banking credentials, monitor clipboard activity, and log keystrokes for further exploitation, researchers at the Bahrain-based cybersecurity company CTM360 claim.
The scam starts with fake websites that resemble those of trusted entities like governmental agencies and also imitate the Google Play Store. Overall, CTM360 claims to have identified over 6,000 fraudulent websites, which are also distributed via Meta Ads.
These websites reportedly contain fake APKs that appear to be similar to legitimate apps in both icon and name but are actually Trojans designed to act as spyware.
“These malicious apps request dangerous permissions, including access to accessibility services. This might seem harmless but actually, it enables the malware to capture screen content and monitor keystrokes for sensitive data like login credentials and private keys,” the researchers claim.
In addition, the malware targets a specific list of banks by searching for banking apps on the infected device.
It then sends a complete list of installed applications to the attacker's server, checks for any apps from the target bank list, and waits for the right opportunity to steal user credentials, CTM360 claims.
Once a trojan is installed, hackers may use it for further monetization purposes, including account takeover, personal data harvesting, ransomware attacks, and more.
The researchers claim to have analyzed the malware by downloading three malicious APKs hosted on fraudulent domains that impersonate the Google Play Store.