PlayPraetor Trojan


Snailsoft

They held countless Charlie Chaplin contests. Dad told me about one of these that had taken place before I was born. It was at Grauman's Chinese Theatre in Hollywood, and there were thirty or forty people on the stage doing their best to imitate Dad. Dad was one of them. He'd gone up incognito to see how he would fare. He came in third. Dad always thought this one of the funniest jokes imaginable—whether on him or the judges or both, I don't know. : by Charles Chaplin Jr., "My Father, Charlie Chaplin,"
Will the real Play Store website please step forward?
Over 6,000 malicious sites are spreading the PlayPraetor Trojan and they are using web pages hosted on Play Store.

An analysis report released by CTM360, a cybersecurity company based in Bahrain, has identified a new threat – the PlayPraetor trojan. PlayPraetor is an Android trojan that is being spread through thousands of malicious websites designed to look like trusted, legitimate sources such as the Google Play Store.

Instead of being official pages, these fake ones prompt users to download an app as a malicious APK file that requests dangerous permissions such as access to accessibility services.

Researchers point out that while this may seem benign, it actually enables the threat actors to both capture screen content and monitor keystrokes to collect data like login credentials and clipboard activity. This allows the hackers to engage in further malicious actions like account takeovers, personal data harvesting, ransomware attacks and more.

So far, CTM360 has identified over 6,000 fraudulent websites that are mimicking legitimate pages. The malicious websites are being distributed through Meta Ads and SMS messages.

In addition to acting as spyware to capture keystrokes and clipboard activity, the malware can also target a specific list of banks by searching for banking apps on an infected device. It sends a list of these apps back to the attacker's server, and waits for an opportunity to steal banking credentials from the victim.

CTM360 says the links to the impersonated Google Play Store pages are distributed through Meta Ads and SMS messages to effectively reach a wide audience, so be wary of any links sent through those methods. The domain names of the malicious pages are designed to closely resemble that of the actual page, and the pages copy its logos and icons, so look closely at the site you're on to make sure it's the correct page, spelled correctly with the right images, and also check its URL.

Additionally, the company specifically mentions that deceptive ads and messages are used to trick users into clicking on the links, which lead them to fraudulent domains hosting the malicious APKs. This means that the usual rules to avoid phishing tricks apply: be wary of anything that tries to apply pressure or a sense of urgency, anything that offers a "too good to be true" style appeal for a free or exclusive deal, or anything that may pressure you into a quick decision.

Lastly, as these sites request dangerous permissions from the user, be very suspicious of any app download that requests too many permissions from your device – especially if it's asking for accessibility services that don't seem necessary for the app in question to function.

Remember that many of the best antivirus software solutions will offer protection for your mobile devices as well, so make sure you have selected one of them and included your smartphone in the package. However, you can also use one of the best Android antivirus apps designed specifically for your smartphone. Likewise, you also want to ensure that Google Play Protect is enabled as this free, built-in security app can scan all of your existing apps or any new ones you download for malware.

Hackers and other cybercriminals will likely keep using tactics similar to the ones described in the campaign above. This is why you need to be extra careful when installing any app and avoid sideloading apps from unofficial app stores or websites at all costs.
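
The "check its URL" advice above, written out as a strict host check (an added example, not part of the original post or of CTM360's report). The function names, verdict labels and digit-swap heuristic are assumptions made for illustration, and the sample links are constructed with reserved `.example` names.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "play.google.com"  # genuine Play Store web host
# Digit-for-letter swaps and separators to undo before matching (assumed heuristic).
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None, ".": None})


def classify_play_link(url: str) -> str:
    """Return 'official' or a short reason the link is not the real store."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not-https"
    if "@" in parts.netloc:
        # https://play.google.com@host.example/ actually connects to host.example
        return "userinfo-trick"
    host = (parts.hostname or "").rstrip(".")
    if host == OFFICIAL_HOST:
        return "official"  # exact match only; everything else is suspect
    if not host.isascii() or any(lab.startswith("xn--") for lab in host.split(".")):
        return "idn-host"  # possible homoglyph name, never the official host
    if OFFICIAL_HOST in host:
        # e.g. play.google.com.host.example: real name used as a subdomain
        return "official-name-embedded"
    flat = host.translate(_SWAPS)
    if "google" in flat and "play" in flat:
        return "brand-lookalike"
    return "other-host"


# Constructed sample links (reserved .example names, not real indicators).
SAMPLE_LINKS = [
    "https://play.google.com/store/apps/details?id=com.example.app",
    "http://play.google.com/store/apps/details?id=com.example.app",
    "https://play.google.com@downloads.example/app.apk",
    "https://play.google.com.store-apps.example/details",
    "https://play-g00gle.example/store",
    "https://pl\u0430y.google.com/store",  # Cyrillic 'a' (U+0430)
    "https://news.example/article",
]


def triage(links):
    """Map each link to its verdict, keeping only the non-official ones."""
    verdicts = {u: classify_play_link(u) for u in links}
    return {u: v for u, v in verdicts.items() if v != "official"}
```

Only an exact match on the host passes; a page that merely looks right, or a name that merely contains the real one, does not.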
 