With the currently underway kerfuffle encircling Apple’s App Store rules — such as Spotify’s chief legal officer Horacio Gutierrez going on a media tour in recent weeks, whining that Apple is a “ruthless bully” to anybody who will listen — it’s hard not to believe that the iPhone maker would want to point to instances like the folly – dangerous Android apps.
Cybercriminals have started deploying fake versions of malicious Android apps to transmit malware to users, according to cybersecurity specialists at Bitdefender. Teabot virus, also known as “Anatsa,” allows a hacker to completely take control of a victim’s Android device and steal their banking and other personal information using keyloggers.
Apple maintains that it is so stringent about accepting apps into the App Store and how those apps can be marketed in part to avoid situations like these. While the Google Play Store is undoubtedly better today than it has ever been in terms of preventing questionable apps from entering the Android app store, there are still workarounds.
Based to an early analysis report, the Teabot malware “can carry out overlay attacks via Android Accessibility Services, intercept communications, do different keylogging operations, and steal Google Authentication codes,” the Bitdefender researchers write in a June 1 commentary.
“Criminals welcome the opportunity to spread malware directly from app stores, but that isn’t easy. Instead, they go for the next available method — imitating top-rated apps in the hopes of tricking at least some users into downloading and installing their malicious versions.”
The malicious Android apps list, as per Bitdefender’s research, comprise audiobook players, an open-source media player, and antivirus apps, to mention a few. To deceive users, the names and logos are designed to resemble the actual thing. It’s worth noting that the commencement of this malicious Android app campaign was also in December 2020, and the Bitdefender investigation mentions the following fake Android apps list as being used:
Instead than being offered through the Play Store, some apps – dangerous Android apps – are hosted on third-party websites. Bitdefender stresses,
“The campaign to distribute these apps in the wild remains active. Bitdefender has identified a strange distribution method with attackers using a fake Ad Blocker app that acts as a dropper for the malware. It’s just one new distribution method. We suspect others are used, but they remain unknown for the time being.”