With the ongoing brouhaha that Apple continues to deal with over the rules surrounding its App Store — such as Spotify chief legal officer Horacio Gutierrez embarking on something of a media tour in recent weeks, whining that Apple is a “ruthless bully” to anyone who will listen — it’s hard not to imagine that the iPhone maker, over and over again, must surely want to point to examples like the following in order to justify itself.
Basically, as summarized by cybersecurity researchers at Bitdefender, cybercriminals have been using fake versions of Android apps to distribute malware to victims. The Teabot malware, also sometimes referred to as “Anatsa,” can enable a hacker to fully take over a victim’s Android device and steal their banking and other important personal information via tools like keyloggers.
Apple insists that it’s so strict about the acceptance of applications into the App Store as well as how those apps can be monetized partly to prevent scenarios like this one. And while the Google Play Store is arguably better today than it’s ever been in terms of cracking down on dodgy apps not being able to enter the Android app marketplace, there are still ways around that. “According to an early analysis report,” the Bitdefender researchers note in a June 1 commentary, the Teabot malware “can carry out overlay attacks via Android Accessibility Services, intercept messages, perform various keylogging activities, steal Google Authentication codes, and even take full remote control of Android devices.
“Criminals welcome the opportunity to spread malware directly from app stores, but that isn’t easy. Instead, they go for the next available method — imitating top-rated apps in the hopes of tricking at least some users into downloading and installing their malicious versions.”
According to the Bitdefender research, the fake Android apps include audiobook players, an open-source media player, and antivirus apps, to name a few. In order to trick users, the names and logos look similar to the real thing. The start of this malicious Android apps campaign, it’s important to note, also dates back to the beginning of December 2020, and the Bitdefender research lists these as the fake Android apps being utilized:
These apps are hosted on third-party sites, rather than being distributed through the Play Store.
“The campaign to distribute these apps in the wild remains active,” Bitdefender stresses. “Bitdefender has identified a strange distribution method with attackers using a fake Ad Blocker app that acts as a dropper for the malware. It’s just one new distribution method. We suspect others are used, but they remain unknown for the time being.”
Related coverage: