The Zscaler ThreatLabz research team has revealed that over 200 apps on the Google Play Store, which have been downloaded nearly eight million times, are malicious.
The report highlights that Nigeria is one of the top 10 countries targeted by mobile malware attackers, alongside India, the United States, Canada, South Africa, the Netherlands, Mexico, Brazil, Singapore, and the Philippines.
“Even apps from official stores like the Google Play Store have been compromised. Over 200 malicious apps, which collectively received nearly eight million downloads, were uploaded to the platform. Google confirmed that these apps have been removed following their identification,” according to the cybersecurity report.
According to Zscaler, with 96.5% of internet users accessing the web through their phones, cyber threats on mobile platforms have surged. Zscaler’s report, based on 20 million blocked malicious transactions, indicates a 29% rise in banking malware attacks over the past year, while incidents of mobile spyware have spiked by a staggering 111%.
The report attributes this sharp increase to the high profitability of cyberattacks. Many cybercriminals have developed methods to bypass multi-factor authentication (MFA), often exploiting phishing techniques. Fake login pages for financial institutions, social media platforms, and cryptocurrency wallets are commonly used tactics. Additionally, QR codes have emerged as another attack vector, with the notorious Android banking malware, Anatsa, utilising them to target banking apps from over 650 financial institutions worldwide.
Among the identified malicious apps, the most prevalent malware family was Joker, accounting for 38% of the threats. Joker commits Wireless Application Protocol (WAP) fraud: it silently subscribes users to premium services without their knowledge, leading to unexpected charges. Other threats include adware, which constituted 35% of observed threats, and “Facestealers,” malware designed to exfiltrate Facebook credentials, which comprised 14% of malicious apps.
“Trojans continue to dominate the Android threat landscape, accounting for 43% of all malicious payloads. Banking malware, in particular, heavily relies on trojans, with Zscaler blocking 3.6 million threats associated with these types of attacks,” according to the authors of the report.
ThreatLabz reveals that cybercriminals often disguise malicious apps as useful tools such as PDF readers, QR code readers, file managers, and translators. These decoy applications act as loaders, deploying more harmful malware like Anatsa, also known as TeaBot. Many of these apps are crafted to appear legitimate, deceiving users into downloading second-stage payloads that further compromise their devices.
Despite the alarming rise in mobile malware incidents, researchers noted a recent decline in Android malware activity. By May 2024, the number of blocked malicious transactions had dropped to one-third of the figures recorded in June 2023. Nevertheless, Zscaler said it still recorded an average of 1.7 million Android malware blocks per month over the past year, based on an analysis of over 20 million threat-related mobile transactions.