Imitation is the Sincerest Form of Flattery for Mobile Malware

Malicious mobile applications can hide in plain sight, often disguised as legitimate programs. Threat actors aim to deceive users into installing malicious software and granting it permissions far beyond what legitimate apps require.
[Image omitted. Image source: Zimperium]
To avoid the inherent distrust that users may have toward apps outside of the official Google Play Store, threat actors imitate legitimate companies and find creative ways to distribute their malware. DoubleTrouble, a banking trojan, disguises itself as an extension, even using the Google Play icon to add a sense of trustworthiness. In a new campaign, threat actors have been using Discord-hosted Android Packages (APKs) to distribute the most recent version of DoubleTrouble. This variant's capabilities include screen capture, keylogging, clipboard theft, and obfuscation techniques that help it remain stealthy on an infected device.
[Image omitted. Image source: CTM360]
In another campaign, dubbed ClickTok, threat actors impersonate TikTok’s in-app e-commerce platform, which includes TikTok Shop, Wholesale, and Mall. Using AI-generated content, threat actors create fake ads and mimic influencers and brand ambassadors to lure users to fake websites. These fake TikTok Shops are used to trick users into sharing their credentials, purchasing bogus products, or installing malware such as SparkKitty spyware.
The PlayPraetor Android trojan has been distributed primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong, infecting over 11,000 devices. This campaign utilizes Meta ads that lead to thousands of pages imitating Google Play Store download pages. PlayPraetor has been observed harvesting card information, personally identifiable information (PII), and online banking credentials.
Recommendations
Users are advised to download applications only from official sources.
Users who downloaded the malicious apps are urged to uninstall them promptly.
Credentials entered into malicious apps should be changed immediately.
Review the permissions an app requests and never grant access to “Accessibility Services.”
Keep Google Play Protect enabled on all Android devices.
Provide personal or financial information, or transfer money, only to legitimate and verified websites.
Regularly update your mobile device and its applications.
Run updated and reputable anti-malware programs on devices.
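As an added triage example that is not part of the original advisory: this Python script parses the output of two adb commands (`adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`) and flags packages that were not installed by the Play Store, as well as packages with an enabled accessibility service, which is the combination the recommendations above warn about. The device output below is constructed, and the preloaded-app heuristic is an assumption.

```python
"""Flag sideloaded Android packages and enabled accessibility services.

Input is the text of two adb commands, pasted in or read from a file:
  adb shell pm list packages -i
  adb shell settings get secure enabled_accessibility_services
"""
import re
from typing import Dict, List

# Installers treated as official (assumption: Google Play Store only).
OFFICIAL_INSTALLERS = {"com.android.vending"}

# Constructed sample output; not captured from a real device.
SAMPLE_PM_LIST = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.fake.playextension  installer=null
package:com.tiktokshop.deals  installer=com.android.packageinstaller
package:com.android.settings  installer=null
"""
SAMPLE_A11Y = "com.fake.playextension/.OverlayService:com.android.talkback/.TalkBackService"


def parse_installers(pm_output: str) -> Dict[str, str]:
    """Map package name -> installer package ('null' when unknown)."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found


def parse_a11y_services(setting: str) -> List[str]:
    """Package names from the colon-separated 'pkg/class' setting value."""
    if not setting or setting.strip() == "null":
        return []
    return [entry.split("/")[0] for entry in setting.strip().split(":") if entry]


def looks_preloaded(pkg: str, installer: str) -> bool:
    """Heuristic (assumption): system apps also report installer=null."""
    return installer == "null" and pkg.startswith(("com.android.", "com.google.android."))


def triage(pm_output: str, a11y_setting: str) -> Dict[str, List[str]]:
    """Return {package: [reasons]} for packages worth a closer look."""
    findings: Dict[str, List[str]] = {}
    for pkg, inst in parse_installers(pm_output).items():
        if inst not in OFFICIAL_INSTALLERS and not looks_preloaded(pkg, inst):
            findings.setdefault(pkg, []).append(f"sideloaded (installer={inst})")
    for pkg in parse_a11y_services(a11y_setting):
        findings.setdefault(pkg, []).append("accessibility service enabled")
    return findings


if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM_LIST, SAMPLE_A11Y).items():
        print(pkg, "->", "; ".join(reasons))
```

A package that is both sideloaded and has an accessibility service enabled matches the DoubleTrouble and PlayPraetor pattern described above and should be removed first.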