skip to Main Content

Android malware dropper Flaga Polski is back on Google Play Store

The Android malware dropper Flaga Polski is back on Google Play Store. This despite it was discovered and removed last year. It’s goal is to spread the Anubis banking trojan

The Android malware dropper Flaga Polski is back, ready to spread the Anubis banking trojan. Some cyber security experts discovered that the malicious app has appeared again on Google Play Store, after it was banned last year following the infection scattered through the digital distribution service. Witold Precikowski wrote a Twitter post, in which he denounces: “Unbelievable, it just happened again! Android malware dropper Flaga Polski again on Google Play. First time it was seen in May 2018”. Furthermore, there could be another one with similar name, but with different command & control (C2) server. IBM X-Force mobile malware researchers have observed several developers actively uploading Android malware downloaders last year. This, monitoring banking malware activity in official app stores. One of them was just Anubis. Cybercrime use it to facilitate financial fraud by stealing login credentials to banking apps, e-wallets and payment cards.

The mobile infection chain is analogous of the one of last year. But today the malicious app is on top in Google Play researches, because promoted by the cybercrime. Beware!

The cyber security researchers last year discovered that the Anubis malware campaign featured at least 10 malicious downloaders, disguised as various applications, all of which were mobile banking Trojans that run on Android-based devices. And one of these was Flaga Polski. The new cyber attack scheme of the cybercrime app is analogous to the one of 2018. In the first stage, the user downloads the application from the Google Play Store to his Android device. After installing, the app will eventually download an application containing BankBot Anubis malware and request its installation. When running the legitimate banking applications, the malware displays fake overlays. Cyber criminals using them intercept the banking and wallet credentials of the victim. Moreover, Flaga Polski is promoted on the digital distribution service. So, in researches in the first place. This increases the chance that the users will choose and install it on their mobile devices.

Back To Top