An analysis report released by CTM360, a cybersecurity company based in Bahrain, has identified a new threat – the PlayPraetor trojan. PlayPraetor is an Android trojan that is being spread through thousands of malicious websites designed to look like trusted, legitimate sources such as the Google Play Store.
Instead of being official pages, these fake ones prompt users to download an app as a malicious APK file that requests dangerous permissions such as access to accessibility services.
Researchers point out that while this may seem benign, it actually enables the threat actors to capture both screen content and monitor keystrokes to collect data like login credentials and clipboard activity. This allows the hackers to engage in further malicious actions like account takeovers, personal data harvesting, ransomware attacks and more.
So far, CTM360 has identified over 6,000 fraudulent websites that are mimicking legitimate pages. The malicious websites are being distributed through Meta Ads and SMS messages.
In addition to acting as spyware to capture keystrokes and clipboard activity, the malware can also target a specific list of banks by searching for banking apps on an infected device. It sends a list of these apps back to the attacker's server, and waits for an opportunity to steal banking credentials from the victim.
How to stay safe from PlayPraetor
CTM360 says the links to the impersonated Google Play Store pages are distributed through Meta Ads and SMS messages to effectively reach a wide audience, so be wary of any links sent through those methods. The domain names of the malicious pages ARE designed to closely resemble that of the actual page, including logos and icons, so closely look at the site you're on to make sure it's the correct page, spelled correctly with the right images and also check its URL.
Additionally, the company specifically mentions that deceptive ads and messages are used to trick users to click on the links, in order to lead them to fraudulent domains hosting the malicious APKs. This means that the usual rules to avoid phishing tricks apply: be wary of anything that tries to apply pressure, or a sense of urgency, anything that offers a "too good to be true" style appeal for a free or exclusive deal or anything that may pressure you into a quick decision.
Lastly, as these sites request dangerous permissions from the user, be very suspicious of any app download that requests too many permissions from your device – especially if it's asking for accessibility services that don't seem necessary for the app in question to function.
Remember that many of the best antivirus software solutions will offer protection for your mobile devices as well, so make sure you have selected one of them and included your smartphone in the package. However, you can also use one of the best Android antivirus apps designed specifically for your smartphone. Likewise, you also want to ensure that Google Play Protect is enabled as this free, built-in security app can scan all of your existing apps or any new ones you download for malware.
Hackers and other cybercriminals will likely keep using tactics similar to the ones described in the campaign above. This is why you need to be extra careful when installing any app and avoid sideloading apps from unofficial app stores or websites at all costs.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
