The following applications (with millions of downloads) contain Trojan malware, stealing user data - here is the complete list, delete them immediately!

Russian cybersecurity company . exposed multiple applications on , which contain complex Trojans .. (also known as /). These applications claim to offer practical functions such as financial tools, planners, and recipe books, but they include hidden payloads that redirect users to unwanted websites, jeopardizing their data. Worse still, over 10 million users downloaded these infected applications from without their knowledge.

Malicious software in official stores is nothing new. In fact, last month's reports showed an increase in malicious apps on both and . One infected app was downloaded over million times, and recent user reviews have expressed dissatisfaction with its functionality (screenshot source: .).

.. is part of the Trojan family, whose members are disguised as legitimate applications and typically redirect users to different websites. This variant is particularly noteworthy because it relies on a modified library that allows it to receive commands from a malicious server, which then provides the target link. This link, rather than the application's advertised functionality, is what is displayed on the user's screen, usually an online casino or an unrelated website.

According to the report, the malware activates only under specific conditions. If the infected device connects to the internet through a designated mobile data provider, the server sends the application a configuration containing a link, which is loaded within the application's interface. When the device is not connected to the target network, the application operates as intended, which makes the malicious behavior difficult for users to detect.

In [Year] [Month], a Trojan virus was first discovered in a fake [App Name] application. Subsequently, in [Year] [Month], the same malware targeted [User Group] to steal data. In [Year] [Month], just as the official version was set to be released that summer, a fake [Mobile Game Name] mobile game was spreading the Trojan virus.

Number of infected apps and downloads

These apps claim to be practical tools, including personal finance and productivity apps and cooking and recipe collections, among others. However, once launched, these apps connect to a server to retrieve configurations containing website links to be displayed.

The investigation revealed that multiple apps in the store (some of which had high download numbers) were infected with malware. Although some of these apps have been removed, millions of users had already installed them before their removal. Below is the list of apps identified by malware analysts and their respective download numbers:

  • Application Name: Downloads: ,,+ (as of the time of writing on)
  • App Name: Download Count:,+ (as of the time of writing on )
  • App Name: – Downloads:,+ (as of the time of writing on )
  • Application Name: Downloads:,+ (deleted)
  • Application Name: Download Count:,+ (as of the time of writing on )
  • Application Name: Downloads: + (as of the time of writing on )
  • Application Name: Downloads:,+ (as of the time of writing on )
  • Application Name: Download Count: + (as of the time of writing on )
  • Application Name: Download Count:,+ (Deleted)
  • Application Name: Download Count: + (as of the time of writing on )
  • Application Name: Download Count: ,+ (deleted)

How .. works

Once downloaded, the Trojan will collect specific data from the user's device, such as:

  1. Screen size
  2. Device model and brand
  3. Battery percentage
  4. Developer settings status
  5. Device identifier, including installation time and a random number

These data are encoded into a unique subdomain, allowing the server to tailor its response for each infected device. When the device meets the connection criteria, it retrieves and decrypts data from the server, ultimately loading a link that redirects to an undesirable website (typically an online casino). The decryption process involves reversing and decoding the data, then decompressing it to reveal sensitive configuration details.
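
The two behaviours described above, seen from an analyst's side, as an added example that is not taken from the report: flagging DNS query names whose leftmost label looks like packed device data, and unpacking a captured configuration by reversing, decoding and decompressing it. Base64, gzip, JSON, the `url` key, the thresholds and all sample values are assumptions constructed for illustration; the article does not name the formats.

```python
import base64, gzip, json, math, zlib
from collections import Counter

def label_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def suspicious_queries(qnames, min_len=30, min_entropy=3.5):
    """Flag names whose leftmost label is long and high-entropy, the shape
    produced when device data is packed into a subdomain. Thresholds are
    illustrative assumptions, not values from the report."""
    return [q for q in qnames
            if len(q.split(".")[0]) >= min_len
            and label_entropy(q.split(".")[0]) >= min_entropy]

def unpack_config(blob: str) -> dict:
    """Reverse -> decode -> decompress, as the article describes.
    Base64, gzip and JSON are assumptions; the article names no formats."""
    try:
        raw = base64.b64decode(blob[::-1], validate=True)
        return json.loads(gzip.decompress(raw))
    except (ValueError, OSError, EOFError, zlib.error) as exc:
        raise ValueError(f"not a recognisable config blob: {exc}") from exc

def _pack(cfg: dict) -> str:
    """Inverse of unpack_config, used only to build the constructed sample."""
    packed = gzip.compress(json.dumps(cfg).encode())
    return base64.b64encode(packed).decode()[::-1]

# Constructed sample data (not real indicators).
SAMPLE_QUERIES = [
    "www.example.com",
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com",       # long, low entropy
    "mfzwizlsorsxg5dfon2gk4tjnzsxe2lomnqxg2lpny.c2.example",  # long, high entropy
]
SAMPLE_BLOB = _pack({"url": "https://casino.example/landing"})  # "url" key is hypothetical

if __name__ == "__main__":
    print("flagged:", suspicious_queries(SAMPLE_QUERIES))
    print("config :", unpack_config(SAMPLE_BLOB))
```

A blob that fails any of the three stages raises `ValueError`, so the function can be run over bulk captures without mistaking unrelated responses for configurations.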

Suggestions for users

Given the high number of downloads, users should take immediate steps to protect themselves. First and foremost, it is crucial to delete all infected applications. Uninstall any applications on the list or similar ones exhibiting suspicious behavior to minimize potential security risks. Additionally, read the reviews of these applications; many users have left negative reviews, indicating that these apps send spam ads and cause their devices to freeze, allowing malware to run in the background.

Next, using trusted security software and regularly checking app permissions is another important step. Users should review the permissions requested by apps and avoid any unnecessary access that could compromise device security. Additionally, regularly updating devices and apps can help prevent certain types of malware infections, as updates often include critical security patches.

Nevertheless, even when using official sources, please download with caution. Checking app permissions and reading user feedback before downloading can help identify potential red flags and avoid using risky applications.


Author: Emma

An experienced news writer, focusing on in-depth reporting and analysis in the fields of economics, military, technology, and warfare. With over 20 years of rich experience in news reporting and editing, he has set foot in various global hotspots and witnessed many major events firsthand. His works have been widely acclaimed and have won numerous awards.
