Anti-virus company ESET announced the discovery of the 29 banking Trojans disguised as harmless programs in Google Play. It is noted that users of the official app catalog downloaded a total of more than 30,000 times.
Trojans disguised as legitimate applications: horoscopes, tools for system cleaning or saving battery etc. once installed on tablet or smartphone most of the applications reported incompatibility with the device and simulated removal from the system (in fact the icon is just hidden from user's eyes). Some fakes (for example, application-horoscopes) fulfilled the function.
Regardless of the method of masking, the second phase of the attack on the device did the decryption of the payload with the functionality of the bunker. Next, the Trojan has a new target, among applications installed on the device and integrated into a phishing form to enter a username and password. In addition, the malware is intercepted and sent text messages to bypass two-factor authentication via SMS, and could be installed on the device else.
Malicious applications were downloaded in Google Play from different companies. However, the similarity of the source code and the same command and control server suggests that the counterfeit one and the same author (group of authors).
Counterfeit removed from Google Play in the period August to October 2018.