- Meta Ads and an SMS campaign is driving traffic to hundreds of fake Play Store pages
- There, victims download fake apps that carry the PlayPraetor malware
- The malware can log keystrokes, grab credentials, and monitor the clipboard
More than 11,000 Android devices were recently infected by a new variant of the PlayPraetor remote access trojan (RAT).
This is according to cybersecurity researchers Cleafy, who said that there is an ongoing, aggressive campaign to distribute the malware to as many devices as possible. So far, the RAT creates more than 2,000 new infections every week, targeting mostly devices in Portugal, Spain, France, Morocco, Peru, and Hong Kong.
PlayPraetor is apparently a Chinese piece of malware, The Hacker News reports. Citing previous research, the publication claims there are “thousands” of fake Google Play Store download pages, advertised through Meta Ads and SMS messages, in an attempt to reach as big of an audience as it can. So far, the researchers spotted five distinct variants of PlayPraetor, among which is one called Phantom, and a variant called Phish.
You may like
Hundreds of spoofed apps
Those that end up installing the malware can expect to lose their banking credentials, have their clipboard tracked, and their keystrokes/taps logged. At the moment, PlayPreator can impersonate more than 200 banking apps and cryptocurrency wallets, as it delivers an overlay that steals the login credentials.
Besides pretending to be actual apps, the malware is also distributed through fake Progressive Web Apps (PWA), as well as WebView-based apps. The latter was observed in the Phish variant while Phantom, for example, exploits accessibility services to obtain persistent access.
This variant also grants the attackers the ability to conduct on-device fraud and is apparently operated by two affiliates who control almost two-thirds of the botnet (around 4,500 endpoints).
To defend against such attacks, the best course of action is to be careful when downloading apps, and only go for those listed on official repositories such as the Play Store. Even there, users should only go for apps developed by well-established brands, which have thousands of downloads and positive reviews.
Via The Hacker News
