Be Aware of these Malware Droppers from Google Play Store

December 2, 2021 - Researchers from Threat Fabric uncovered a batch of apps that were downloaded from Google Play more than 300,000 times before the apps were revealed to be banking trojans.

While Google earlier this month instituted limitations to restrict the use of accessibility permissions that allow malicious apps to capture sensitive information from Android devices, such apps are increasingly refining their tactics by other means even when forced to choose the more traditional way of installing apps through the app marketplace.


A noticeable trend in the new dropper campaigns is that actors are focusing on loaders with a reduced malicious footprint in Google Play, considerably increasing the difficulties in detecting them with automation and machine learning techniques.


The 12 identified malicious Android apps are:

  • Two Factor Authenticator (com.flowdivison)

  • Protection Guard (com.protectionguard.app)

  • QR CreatorScanner (com.ready.qrscanner.mix)

  • Master Scanner Live (com.multifuction.combine.qr)

  • QR Scanner 2021 (com.qr.code.generate)

  • QR Scanner (com.qr.barqr.scangen)

  • PDF Document Scanner - Scan to PDF (com.xaviermuches.docscannerpro2)

  • PDF Document Scanner Free (com.doscanner.mobile)

  • CryptoTracker (cryptolistapp.app.com.cryptotracker)

  • Gym and Fitness Trainer (com.gym.trainer.jeux)

More details on Threat Fabric analysis can be located here.