How Hackers Tricked 300,000 Android Users into Downloading Password-Stealing Malware

A recent cybersecurity report revealed that over 300,000 Android users installed trojan apps that secretly stole their banking information. While the apps have been removed and deactivated, the developers used unique methods to deploy the malware that all Android users need to be wary of. They include QR scanners, PDF scanners, fitness trackers, and crypto apps. Unlike other fake apps that falsely advertise their features, many of the apps in this batch of malicious Android software worked as intended, but behind the scenes the apps were stealing passwords and other user data. There are a few things you can do to keep your devices and data safe from similar malware apps. First, always pay attention to the permissions an app asks for — and not just the first time it’s installed, but whenever you run or update it. Delete and report the app if anything it does seems suspicious or unnecessary. There’s no reason a QR code scanner needs access to your accessibility services, for example. Similarly, only install updates directly from the Google Play Store. If an app says it requires a sudden update but you don’t see one listed in the Play Store app, it may not be a legitimate patch. While these strategies aren’t guaranteed to prevent all malware attacks, if you couple them with other cybersecurity practices like using unique passwords protected by an encrypted password manager, multi-factor authentication (requiring a code sent to your phone), and reliable anti-malware and antivirus apps, you’ll be much better protected from bad actors and bad apps in the future.