
‘Wallet Draining’ Malware found to have been infecting Android Users, is your phone also infected?

Cyber Secure India

A few good recce-warriors, or Android Watchers, have identified the next batch of unsuspected Android apps being used by attackers to push malware. The malware takes the user to a new web page and collects the required data from there. This information is then used as a means of compromising the phone, besides causing other intended damage. The modus operandi of ‘Wallet Draining’ is akin to many of the planned attacks through mobile apps. Once installed, most of the apps try to hide by changing their appearance in the app drawer to that of a system app. By this means, the attacker's strategy is to advertise premium services while discouraging the user from uninstalling the apps. The apps then push ads and try to sign the victim up to various premium services; these services come at an additional cost, which the user is enticed into paying. Apps with such malware get in through legitimate utility apps, including wallpapers, keyboards, photo editors, video editors, cache cleaners, system maintenance, etc.

The Android Watchers and researchers have observed that these ‘Wallet Draining’ malware apps have more than 10 million downloads from the Play Store to date. The researchers have also reported the matter to Google, which has resulted in the removal of 28 such apps from the Google Play Store. However, an even larger number are still present in the Play Store. Also, if the core code still exists on the Android phone after such an app has been uninstalled, the user is again prompted, in the form of an advertisement, to download the app, and users inadvertently click to install it again.

With malicious apps getting good at hiding in plain sight, downloading exclusively from known sources is no longer the only advice. Users should also read through the reviews, as they are a good indicator of the apps’ legitimacy. Also, make sure to check there are plenty of reviews, as threat actors can sometimes spoof some of them. If an app only has a handful of reviews, it’s best to stay away. 

Here is the full list of malicious apps discovered by the researchers:

Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)

Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)

Photo Editor: Art Filters (gb.painnt.moonlightingnine)

Photo Editor – Design Maker (gb.twentynine.redaktoridea)

Photo Editor & Background Eraser (de.photoground.twentysixshot)

Photo & Exif Editor (de.xnano.photoexifeditornine)

Photo Editor – Filters Effects (de.hitopgop.sixtyeightgx)

Photo Filters & Effects (de.sixtyonecollice.cameraroll)

Photo Editor : Blur Image (de.instgang.fiftyggfife)

Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)

Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)

Neon Theme Keyboard (com.neonthemekeyboard.app)

Neon Theme – Android Keyboard (com.androidneonkeyboard.app)

Cashe Cleaner (com.cachecleanereasytool.app)

Fancy Charging (com.fancyanimatedbattery.app)

FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)

Call Skins – Caller Themes (com.rockskinthemes.app)

Funny Caller (com.funnycallercustomtheme.app)

CallMe Phone Themes (com.callercallwallpaper.app)

InCall: Contact Background (com.mycallcustomcallscrean.app)

MyCall – Call Personalization (com.mycallcallpersonalization.app)

Caller Theme (com.caller.theme.slow)

Caller Theme (com.callertheme.firstref)

Funny Wallpapers – Live Screen (com.funnywallpapaerslive.app)

4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)

NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)

Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)

Notes – reminders and lists (com.notesreminderslists.app)

How to identify whether your phone has ‘Wallet Draining’ malware installed:

Apps in the Google Play Store should not be assumed to be ‘safe apps’. Reviewing any app before installing it on your phone is a must, and so is reviewing the permissions granted to the app during installation. Do not act on prompts from an installed app to install a new app. Uninstall apps that throw up frequent advertisements and ‘click prompts’. Find the owner or sponsor of the app and review the company's fundamentals and legitimacy. As far as possible, avoid the ‘auto-update’ option for app updates on your phone.
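
A device can also be checked directly against the list above. The following is an added example, not part of the original advisory: it matches the output of `adb shell pm list packages` (plain or `-f` form, saved to a file) against the 28 package IDs listed above. The sample listing and the function names are constructed for illustration.

```python
"""Match `pm list packages` output against the package IDs in this advisory."""
import sys

# Package IDs copied from the advisory's list (28 entries).
ADVISORY_PACKAGES = frozenset("""
gb.artfilter.tenvarnist de.nineergysh.quickarttwo gb.painnt.moonlightingnine
gb.twentynine.redaktoridea de.photoground.twentysixshot de.xnano.photoexifeditornine
de.hitopgop.sixtyeightgx de.sixtyonecollice.cameraroll de.instgang.fiftyggfife
de.fiftyninecamera.rollredactor gb.crazykey.sevenboard com.neonthemekeyboard.app
com.androidneonkeyboard.app com.cachecleanereasytool.app com.fancyanimatedbattery.app
com.fastcleanercashecleaner.app com.rockskinthemes.app com.funnycallercustomtheme.app
com.callercallwallpaper.app com.mycallcustomcallscrean.app
com.mycallcallpersonalization.app com.caller.theme.slow com.callertheme.firstref
com.funnywallpapaerslive.app de.andromo.ssfiftylivesixcc com.newscrean4dwallpapers.app
de.stockeighty.onewallpapers com.notesreminderslists.app
""".split())


def installed_packages(pm_output):
    """Parse plain or `-f` output of `pm list packages` into a set of package IDs."""
    found = set()
    for line in pm_output.splitlines():
        line = line.strip()  # drop stray whitespace or CR left by adb
        if not line.startswith("package:"):
            continue  # skip blank lines and shell warnings
        entry = line[len("package:"):]
        # The -f form is "<apk path>=<package>", and newer install paths contain
        # "=" themselves, so the package ID is the text after the LAST "=".
        found.add(entry.rsplit("=", 1)[-1])
    return found


def flagged(pm_output):
    """Return the advisory packages present in the listing, sorted."""
    return sorted(installed_packages(pm_output) & ADVISORY_PACKAGES)


# Constructed sample listing, not taken from a real device.
SAMPLE = (
    "package:com.android.settings\r\n"
    "package:/data/app/~~Qx1==/com.caller.theme.slow-Zk2==/base.apk=com.caller.theme.slow\r\n"
    "package:gb.crazykey.sevenboard\n"
    "package:com.caller.theme.slower\n"  # near-miss name: must not match
)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for pkg in flagged(text):
        print("listed in advisory:", pkg)
```

Matching is on the exact package ID rather than the display name, since the apps described here change how they appear in the app drawer.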
