Fake cryptocurrency wallets found on Play Store

Attackers are not only interested in mobile banking credentials and credit cards information to get access to victim’s funds, but also in cryptocurrency. Recently, I found four fake applications on Google Play Store that tried to trick users either in to luring their credentials or impersonating cryptocurrency wallets. These threats imitate legitimate services for NEO,

Continue reading Fake cryptocurrency wallets found on Play Store

Malware discovered on Google Play with over 5,000 installs was available to download for almost a year

I found a Trojan on Play Store available for download almost for a year. Its malicious functionality was hidden inside “Simple Call Recorder” application published by “FreshApps Group”. The main purpose was to download an additional app and trick the user into installing it as Flash Player Update. Simple Call Recorder was uploaded on Google

Continue reading Malware discovered on Google Play with over 5,000 installs was available to download for almost a year

Video analysis of Android banking Trojan found on Google Play

Android threat that steals victim login credentials for mobile banking applications was recently found on Google Play. App “Easy Rates Converter” was available on the Store for six days and downloaded over 500 times before it was removed. This Trojan lures victims into inserting their login credentials for social media, mobile banking and cryptocurrency apps.

Continue reading Video analysis of Android banking Trojan found on Google Play

Android banking malware found on Google Play with over 10,000 installs targets Brazil

New Android malware banking family was recently found targeting users from Brazil. Trojans are distributed not only through Google Play store but also on Facebook through promoted ads. Android banker impersonates a performance improving app called “Clean Droid” with over 500 installs, a Facebook monitor app “Quem viu teu perfil” with over 10,000 installs and

Continue reading Android banking malware found on Google Play with over 10,000 installs targets Brazil

Trending app from Google Play has no other functionality than displaying ads

I found over 50 malicious apps on Play Store with all together over 350,000 installs. Some of these apps are already removed from market place but many of them are still available to download. Apps has been on the Store for the last couple of months. Most of these apps are designed for kids as

Continue reading Trending app from Google Play has no other functionality than displaying ads

Video analysis of Android SMS worm spying on victims

This Spy has been spreading for the last couple of months using new registered domains leading to download Android malware. This threat impersonates fake Sagawa service. Contains worm spreading capabilities via text messages and could be threat to victim’s mobile banking services. Based on commands from attacker, it can download additional payload and make user

Continue reading Video analysis of Android SMS worm spying on victims

Banking Trojan found on Google Play stole 10,000 Euros from victims

[UPDATE]Based on official statement of Czech police QRecorder app had five victims in Czech Republic with already stolen over 78,000 Euros from their accounts all together.Police already have identikit and pictures from ATM security camera of a money mule withdrawing money from one of the Prague ATM from affected victims accounts. Recently was discovered Android

Continue reading Banking Trojan found on Google Play stole 10,000 Euros from victims

Ad revenue business: Developer pays you in cryptocurrency to watch ads

A couple days ago I was approached by @MalwareHunterBR with a scam Android app they found on Google Play. They sent me a link to an app called Free Ethereum Spinner which they suspected would most likely be a scam. I thought, yes, it’s another free giveaway cryptocurrency scam. However, this app had over 100,000

Continue reading Ad revenue business: Developer pays you in cryptocurrency to watch ads

Phishing attack at Raiffeisen Bank by MazarBot

Yesterday I discovered phishing campaign targeting clients of Raiffeisen Bank by popular and still active Android banking Trojan – MazarBot. This infiltration targets German speaking users and makes them download fake Raiffeisen Security App.   Last time I wrote about MazarBot it was year and a half ago, however it is still spreading using different

Continue reading Phishing attack at Raiffeisen Bank by MazarBot