More than 90 Android apps, with a collective installation count of 5.5 million, have been discovered to contain malware designed to steal bank information.

What happened?

Zscaler discovered more than 90 malicious Android apps.  Among these is the sophisticated trojan Anatsa, also known as "TeaBot."  This malware has been downloaded over 5.5 million times and poses a significant threat by targeting over 650 financial institutions. "TeaBot," masquerades as PDF and QR code readers, photography, and health and fitness apps. Google has since banned the use of these malicious dropper applications emphasizing the vulnerabilities present within their review process when it comes to suspending them entirely before being released into the public domain for download purposes.

See also: HIPAA Compliant Email: The Definitive Guide

In the know

Malware, short for malicious software, refers to any software intentionally designed to cause damage, disrupt, or gain unauthorized access to computer systems, networks, or devices. This includes viruses, trojans, ransomware, spyware, adware, and more. The potential impact of malware is vast and varied, ranging from data theft and financial loss to system damage and loss of privacy. It can disrupt personal and business operations, compromise sensitive information, and cause widespread harm to individuals and organizations. As malware techniques become increasingly sophisticated, the importance of robust cybersecurity measures to detect and prevent these threats is critical.

Read more: How do I remove malware?

Why it matters 

The discovery of malicious apps, including the sophisticated Anatsa trojan, demonstrates vulnerabilities in app marketplaces and the persistent threat of malware to users.  Every day, over 450,000 new malware programs are detected, revealing the sheer volume and constant evolution of these threats. Financially motivated attacks dominate the landscape, with 94.6% of cybersecurity breaches being driven by financial gain​.

Despite Google's security measures, malicious apps can still slip through, endangering millions of users by stealing sensitive information, particularly banking details, and causing financial and personal harm. It is important to constantly improve app security reviews and heighten user awareness when downloading and installing apps. 

See also: How to identify and prevent malware in healthcare

FAQs

How does malware spread?

Malware can spread through various methods including email attachments, malicious websites, software downloads, and infected external devices. Social engineering tactics, such as phishing emails, are also commonly used to trick users into downloading malware.

What are the common types of malware?

• Viruses: Self-replicating programs that attach themselves to clean files and spread throughout a computer.
• Trojans: Malicious programs disguised as legitimate software.
• Ransomware: Encrypts data and demands payment for its release.
• Spyware: Gathers information about a person or organization without their knowledge.
• Adware: Automatically delivers advertisements and can redirect browsers to advertising sites.

What are the potential impacts of a malware attack?

Malware can cause a range of damages including data theft, financial loss, system damage, and loss of privacy. It can disrupt personal and business operations, compromise sensitive information, and lead to significant financial and reputational damage.

Over 90 Android apps found to contain malware stealing bank information