Malicious software occasionally makes its way into the Google Play Store unnoticed. You must always take care when downloading apps from publishers that are not well known.
According to Cleafy Labs, a trojanized app that was downloaded more than 10,000 times from Google Play across the globe secretly installed a remote access trojan that collected users’ passwords, text messages, and other private data.
This trojan, known as Teabot or Anatsa, was first discovered in May of last year. It has since returned and was able to pass Google’s security check.
Google has now deleted the malicious app from the Play Store, although it has been downloaded several thousand times. Once installed, the app instantly asks for an update and installs a second app called “QR Code Scanner: Add-On”, which does the actual malicious data collection. The update does not take place via Google Play, which explains why Google did not flag the original app as harmful.
We strongly advise you to verify that the apps “QR Code & Barcode – Scanner” and “QR Code Scanner: Add-On”, or similar apps, are not installed on your device. If they are, delete them immediately, check your banking/insurance/crypto accounts for any unwanted transactions, and perhaps change your login credentials for any accounts that you access using your phone.
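Because the add-on described above was installed outside Google Play, one way to look for similar apps is to list user-installed packages whose recorded installer is not the Play Store. The script below is an added example, not part of the original article or Cleafy's research; it parses the output of `adb shell pm list packages -3 -i`, and the sample listing and its package names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag user-installed Android packages whose recorded
# installer is not the Google Play Store.
# Real input would come from:  adb shell pm list packages -3 -i
# Each line looks like:        package:<name>  installer=<installer package>

PLAY_INSTALLER="com.android.vending"

# Reads a package listing on stdin and prints "<package> <installer>"
# for every package that Google Play did not install.
find_sideloaded() {
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')   # adb output may carry CRs
        case "$line" in
            package:*) ;;
            *) continue ;;                          # skip anything else
        esac
        rest=${line#package:}
        pkg=${rest%% *}                             # name ends at first space
        case "$rest" in
            *installer=*) installer=${rest##*installer=} ;;
            *) installer="null" ;;                  # no installer recorded
        esac
        [ "$installer" = "$PLAY_INSTALLER" ] || printf '%s %s\n' "$pkg" "$installer"
    done
}

# Constructed sample listing; all package names here are hypothetical.
sample_listing() {
    cat <<'EOF'
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qrscanner.addon  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
package:com.example.sideloaded  installer=null
EOF
}

# Offline demonstration on the constructed sample. On a real device use:
#   adb shell pm list packages -3 -i | find_sideloaded
sample_listing | find_sideloaded
```

An installer other than Google Play is a reason to look closer at an app, not proof that it is malicious, since other app stores and device-management tools also appear in this list.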