Google Play Detected Viral Apps That Can Steal Your Payment Data

James J. Davis
Apr 21, 2021

Some applications in the Google Play store carry new malware that can steal the victim’s personal data, including mobile operator code, phone number, text messages, IP address, etc. According to security researchers, a group of mobile apps on Google Play steals users’ data after installation, then connects to remote servers and makes purchases at the victim’s expense.

The virus has already been detected in eight apps available for download on Android devices. In total, the infected apps have been downloaded more than 700,000 times. Worst of all, the malware also gained unauthorized access to the victim’s payment data.

The main installation file downloaded from Google Play contained code that opened the encrypted “1.png” file and decrypted it using a key that matched the package name. The resulting file, “loader.dex”, was then launched and made an HTTP POST request to the C2 server.
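A payload hidden behind an image extension, as described above, can be surfaced during static triage by checking whether each image-named entry in the APK actually starts with the magic bytes of its format. The following is an added example, not code from the original post or from the researchers; the `assets/1.png` path, the function names, and the sample APK are constructed assumptions.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

# Magic bytes a genuine file with each image extension must start with.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def find_disguised_assets(apk_bytes: bytes) -> list[dict]:
    """Return APK entries whose image extension does not match their content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename.lower()
            for ext, magics in IMAGE_MAGIC.items():
                if name.endswith(ext):
                    data = apk.read(info)
                    if not data.startswith(magics):
                        findings.append({"name": info.filename, "size": len(data),
                                         "entropy": round(shannon_entropy(data), 2)})
                    break
    return findings

def build_sample_apk() -> bytes:
    """Constructed sample: a real PNG header plus an opaque blob named 1.png."""
    # Hash output stands in for ciphertext; the asset path is an assumption.
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
        z.writestr("assets/1.png", blob)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_disguised_assets(build_sample_apk()):
        print(finding)
```

A mismatch combined with entropy near 8 bits per byte is a signal for manual review rather than proof of malice, since a legitimate app may also ship a mislabeled or compressed asset.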
