Banking Trojan on Google Play. The virus is cleverly hidden

Cybersecurity experts have detected a dangerous banking Trojan in the Google Play Store. The virus is similar to the Joker or Harly Trojans and can cause a lot of damage to our phones.

Coper banking trojan

The new threat was discovered by security researchers from Zscaler ThreatLabz. According to reports, the virus impersonates the FileFusion PDF File Manager application. It is available in the official Google Play store, where it has over a thousand downloads.

Under the guise of an office application that allows users to open popular PDF files, the program installs the Coper banking Trojan. Interestingly, this is done directly from GitHub – a popular website for programmers.

Coper is a dangerous virus that can impersonate banking applications and extract phone user data. He may, among other things, intercept our SMS messages (including those with one-time codes), record keystrokes, display overlays over real applications, imitate other apps, and recover confidential data from the device’s memory.

Trojans in mobile games for children

As we wrote in Wprost.pl, recently Hiddad and Andreed viruses, impersonating mobile video games, have been spreading on Google Play. Specialists from the security company ESET warn that these campaigns seem to be aimed at younger people, who may be less cautious and aware than adults.

Fake games can be expertly hidden in the app store, with good ratings and a large number of positive comments. However, these may be issued by online bots. Analyst Martin Jirkal warns that not every fake game contains banking Trojans, but clones of popular applications are usually created to make money.

Some of them contain “only” adware, i.e. software that displays an often absurd number of mobile ads in order to generate profit for the authors. As a general rule, we should not install games of questionable origin and keep an eye on what software our children install on their or our phones.