AT least 330 dodgy apps designed to steal credit card numbers have been downloaded on millions of peoples phones, security experts have warned.
A report from cybersecurity firm Bitdefender has claimed that a widespread malware campaign has been running rampant on the Google Play Store, used by Android phones.
The 330 apps have been downloaded an estimated 60million times, according to the report.
The apps typically mimic utility platforms like QR scanners, expense tracking apps, health and wallpaper apps.
Of the 330 that security experts discovered to be hiding malware, nine are still available to download on the Google Play Store:
- Dropo
- Water Note
- Destiny Book
- Five in a Row
- ShapeUp
- Beautiful Day
- Handset Locator
- MassM BMI
- Body Scale
Alongside credit card numbers, the apps are created with the intention of stealing login credentials and other personal information.
Cyber crooks have allegedly found a way to bypass Android security restrictions.
They are able to hide the app icons, according to Bitdefender, so that these malicious platforms remain hidden on phones.
The apps can start without user interaction, experts warned, even though this should not be technically possible in the latest Android software.
Most of the apps started off as innocent apps, first appearing on Google Play last summer.
However, criminals later updated them with malicious software.
[bc_video account_id=”5067014667001″ application_id=”” aspect_ratio=”16:9″ autoplay=”” caption=”Google reveals surprise Android upgrade including AI that answers phone for you ” embed=”in-page” experience_id=”” height=”100%” language_detection=”” max_height=”360px” max_width=”640px” min_width=”0px” mute=”” padding_top=”56%” picture_in_picture=”” player_id=”default” playlist_id=”” playsinline=”” sizing=”responsive” video_id=”6365641386112″ video_ids=”” width=”640px”]Silviu Stahie, Security Analyst at Bitdefender, told The Sun: “The campaign has been active for months, and it’s clear that the concealment methods are evolving in real-time.
“The attackers have grown sufficiently confident to push updates for these apps and will likely attempt to modify the malware further in their efforts to escape detection.”
It’s unclear whether these dodgy apps are the result of one threat actor or a group.
If any of these apps are downloaded on your Android device, it is advised to delete them immediately.
Google has a raft of security measures in place to stop malicious apps from even making it to the Play Store.
The tech giant’s Play Protect tool runs safety checks on apps from the Google Play Store before users download them – and sends pop-warnings about potentially harmful apps.
However, roughly 1,200 new apps are launched on Google Play everyday – meaning some malicious apps can slip through the cracks.
The Sun has contacted Google for comment.
