{“lastseen”:”2025-08-27T14:39:07″,”description”:”Google has removed 77 malicious apps from the Google Play Store. Before they were removed, researchers at ThreatLabz discovered the apps had been installed over 19 million times.\\n\\nOne of the malware families discovered by the researchers is a banking Trojan known as Anatsa or TeaBot. This banking Trojan is a highly sophisticated Android malware, which focuses on stealing banking and cryptocurrency credentials.\\n\\nAnatsa is a classic case of mobile malware rapidly adapting to security research progress. Its stealth tactics, exploitation of accessibility permissions, and ability to shift between hundreds of financial targets make it an ongoing threat for Android users worldwide.\\n\\nAlso found by the researchers were several types of adware. However, the largest chunk of malicious apps belonged to the Joker malware family, which is notorious for its stealthy behavior. It steals SMS messages, contacts, device info, and enrolls victims in unwanted premium services, which can result in financial losses.\\n\\nThe malware is installed like this:\\n\\n * It gets added to the Play Store as a benign app with useful and sought-after functionality (e.g. document readers, health trackers, keyboards, and photo apps).\\n * Once installed, the app acts as a \u201cdropper\u201d which connects to a remote server for instructions and additional payloads, which often ends in the installation of information stealers.\\n * Anatsa\u2014specifically\u2014uses several methods to avoid detection, such as a well-known Android APK ZIP obfuscator, and downloading each new chunk of code with a separate DES key.\\n\\n\\n\\nGoogle says it picked up on the flaws and protected against these malware infections before the researchers published their report.\\n\\nAs a consequence, Google Play Protect may send users of the removed apps a push notification, giving them the option to remove the app from their device.\\n\\nBut don\u2019t let that be your only line of defense. We found that Android users are more careful than iPhone users. Let\u2019s keep that up!\\n\\n## How to protect your Android from malicious apps\\n\\nJust because something is in the Google Play Store, there is no guarantee that it will remain a non-malicious app. So here are a few extra measures you can take:\\n\\n * Always check what permissions an app is requesting, and don\u2019t just trust an app because it’s in the official Play Store. Ask questions such as: Do the permissions make sense for what the app is supposed to do? Why did necessary permissions change after an update? Do these changes make sense?\\n * Occasionally go over your installed apps and remove any you no longer need.\\n * Make sure you have the latest available updates for your device, and all your important apps (banking, security, etc.)\\n * Protect your Android with security software. Your phone needs it just as much as your computer.\\n\\n\\n\\nMalwarebytes for Android detects Anatsa as Trojan.Banker.CPL.\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.”,”published”:”2025-08-27T12:01:52″,”modified”:”2025-08-27T12:01:52″,”type”:”malwarebytes”,”title”:”77 malicious apps removed from Google Play Store”,”source”:””,”references”:””,”id”:”MALWAREBYTES:FABAF7D37A0F4D674B7FA27958AC7F0D”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/08\/77-malicious-apps-removed-from-google-play-store”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-27T14:39:07″,”description”:”Google has removed 77 malicious apps from the Google Play Store. Before they were removed, researchers at ThreatLabz discovered the apps had been installed over…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-14526","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n