Over 11,000 Android devices hit by fake login RAT hidden in Meta Ads and fake Google Play store

Meta Ads and an SMS campaign is driving traffic to hundreds of fake Play Store pages
There, victims download fake apps that carry the PlayPraetor malware
The malware can log keystrokes, grab credentials, and monitor the clipboard

More than 11,000 Android devices were recently infected by a new variant of the PlayPraetor remote access trojan (RAT).

This is according to cybersecurity researchers Cleafy, who said that there is an ongoing, aggressive campaign to distribute the malware to as many devices as possible. So far, the RAT creates more than 2,000 new infections every week, targeting mostly devices in Portugal, Spain, France, Morocco, Peru, and Hong Kong.

PlayPraetor is apparently a Chinese piece of malware, The Hacker News reports. Citing previous research, the publication claims there are “thousands” of fake Google Play Store download pages, advertised through Meta Ads and SMS messages, in an attempt to reach as big of an audience as it can. So far, the researchers spotted five distinct variants of PlayPraetor, among which is one called Phantom, and a variant called Phish.

Hundreds of spoofed apps

Those that end up installing the malware can expect to lose their banking credentials, have their clipboard tracked, and their keystrokes/taps logged. At the moment, PlayPreator can impersonate more than 200 banking apps and cryptocurrency wallets, as it delivers an overlay that steals the login credentials.

Besides pretending to be actual apps, the malware is also distributed through fake Progressive Web Apps (PWA), as well as WebView-based apps. The latter was observed in the Phish variant while Phantom, for example, exploits accessibility services to obtain persistent access.

This variant also grants the attackers the ability to conduct on-device fraud and is apparently operated by two affiliates who control almost two-thirds of the botnet (around 4,500 endpoints).

To defend against such attacks, the best course of action is to be careful when downloading apps, and only go for those listed on official repositories such as the Play Store. Even there, users should only go for apps developed by well-established brands, which have thousands of downloads and positive reviews.

Via The Hacker News

What's Hot

German state replaces Microsoft Exchange and Outlook with open-source email

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

The most important Intel Panther Lake updates are the least talked about – I’ll explain

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

I thought the Bose QuietComfort headphones already hit their peak – then I tried the newest model

Samsung Galaxy Z Fold 7 vs. Google Pixel 10 Pro Fold: We compared the two, and here’s the verdict

The Reason Murderbot’s Tone Feels Off

Start Saving Now: An iPhone 17 Pro Price Hike Is Likely, Says New Report

CNET’s Daily Tariff Price Tracker: I’m Keeping Tabs on Changes as Trump’s Trade Policies Shift

Most Popular