The team from Quick Heal Security Labs found that malware authors were misusing the official apps with trojan to steal users’ banking credentials.
“Threat actors use reliable tools to deploy payload and third-party app stores for distribution of these fake apps,” the researchers said in a statement.
Attackers primarily target the app stores, where both free and paid apps are available.
They use different tools like firebase or GitHub to deploy these fake apps and different app markets like QooApp, Huawei, etc. for effective publishing and distribution among a large base of users.
“While threat actors are always seeking opportunities to compromise users, it is extremely critical to stay alert at every point possible,” the team said.
They advised not to open links shared through messages or on social media platforms.
“Check for grammar errors in the app descriptions as attackers usually use wrong English,” they noted.
Since reviews and ratings can also be fake, focus more on reviews with low ratings.
“Avoid approaching to third-party app stores for downloading apps or through links shared via SMSs, emails and WhatsApp. These avenues don’t invest in security and hence make space for any type of app, including the infected ones,” the researchers said.