- Meta ads and an SMS campaign drive traffic to hundreds of fake Play Store pages
- Victims who land there download fake apps carrying PlayPraetor malware
- The malware can log keystrokes, grab credentials and monitor the clipboard
More than 11,000 Android devices were recently infected by a new variant of the PlayPraetor Remote Access Trojan (RAT).
This is according to cybersecurity researchers at Cleafy, who said there is an ongoing, aggressive campaign to distribute the malware to as many devices as possible. So far, the RAT creates more than 2,000 new infections each week and targets mostly devices in Portugal, Spain, France, Morocco, Peru and Hong Kong.
PlayPraetor is apparently a Chinese piece of malware, The Hacker News reports. Citing previous research, the publication claims that there are “thousands” of fake Google Play Store download pages, advertised through Meta ads and SMS messages, in an attempt to reach as large an audience as possible. So far, the researchers have discovered five different variants of PlayPraetor, among them one called Phantom and one called Phish.
Hundreds of counterfeit apps
Those who end up installing the malware can expect to lose their bank details, have their clipboard monitored and their keystrokes/taps logged. Currently, PlayPraetor can mimic more than 200 bank apps and cryptocurrency wallets, delivering an overlay that steals login credentials.
In addition to pretending to be actual apps, the malware is also distributed through fake progressive web apps (PWA) as well as WebView-based apps. The latter was observed in the Phish variant, while Phantom, for example, uses accessibility services to gain sustained access.
This variant also gives attackers the opportunity to perform on-device fraud and is apparently run by two affiliated companies that control nearly two-thirds of the botnet (about 4,500 endpoints).
To defend against such attacks, the best course of action is to be careful when downloading apps, and only go for those listed on official app stores, such as the Play Store. Even there, users should stick to apps developed by well-established brands that have thousands of downloads and positive reviews.
Via The Hacker News



