QR Code Scanner with Virus Steals Banking Data on Google Play
Android smartphone users may be at risk of hacking due to a malicious app found on Google Play. Security experts from ThreatFabric have discovered a virus capable of bypassing protections when scanning QR codes.
The app in question, Free QR Code Scanner by publisher QrBarBode LDC, does not contain the virus in its code, which allows it to pass all necessary checks when published in the official Google store. Moreover, the QR code scanner itself functions normally.
However, while operating, the app also scans data from the device, such as the model, region, country, and Android version, to determine whether it should download the virus onto the phone. The virus is then downloaded under the guise of an update.
The app downloads different viruses for different regions. For users in Russia, the banking trojan Anatsa was installed on their phones. This trojan allows cybercriminals to access information from apps belonging to Sberbank, Tinkoff, VTB, Post Bank, and other financial institutions.
According to experts, βAnatsa gains full control over the device and can independently perform actions on behalf of the user.β
The virus can replace screens in banking apps, send screenshots, and record keystrokes entered on the keyboard.
Source
- ThreatFabric
See Also
- Our other channels
- Our friends and partners