Security News

Fake apps on Google, data breaches around the globe

Avast Security News Team, 13 July 2018

A banking Trojan uses downloaders to infect Androids and data breaches hit Ticketmaster UK, the Timehop app, and Macy’s.

Fake apps on Google Play open the door for BankBot Anubis

Mobile users in Turkey, beware. IBM cybersecurity researchers announced this week that they’ve discovered at least ten fake apps on the Google Play Store that seem to be a unified campaign to spread the banking Trojan BankBot Anubis, which is designed to steal bank login credentials, payment card numbers, and e-wallet info.   

The Trojan itself is not preloaded on the fake apps. Instead, the apps are infected with the more grey-area malware known as downloaders. “A downloader just downloads and installs software, or malware,” explains Avast Security Evangelist Luis Corrons, “which poses no big difference to many other legit software apps and can make it into the Google Play Store undetected. In Q2 2018, one out of every four infections blocked by Avast Mobile Security was a downloader. That’s why downloaders are really popular among cybercriminals — payloads can be changed at will. They can be distributing a banking Trojan now, and then ransomware a minute later.”

While the downloaders in this campaign target Turkish users only, experts warn that BankBot Anubis can wreak havoc around the globe if it spreads. All malicious apps were reported to Google for removal. If you worry that you may be at risk, a strong cybersecurity software like Avast Antivirus protects against BankBot Anubis.

Ticketmaster UK data breach larger than originally reported

A couple of weeks ago, we reported on a Ticketmaster UK data breach, which the company claimed at the time to have affected 5% of its customer base. But cybersecurity researchers discovered this week that the breach was much larger than originally thought, and that it was actually part of a global card-skimming campaign conducted by the threat group Magecart.

Initially, it was reported that only third-party supplier Inbenta Technologies had been compromised, causing it to furnish Ticketmaster UK with malware-infested support products. But researchers have revealed that another third-party supplier, SocialPlus, was also breached, affecting Ticketmaster Germany, Australia, and other international brands. Security watchdogs keeping an eye on Magecart point out that the group is refining its tactics to more effective strategies — essentially attacking a wider audience of victims by infecting third-party suppliers to major sites, as opposed to individual websites as a whole. So far, Magecart has attacked over 800 e-commerce sites.

Timehop data breach affects app-users

A July 4th data breach of the time capsule app Timehop affected 21 million accounts, though most of the data stolen were scraps of personal info, like email addresses only. The app company reports that 3.3 million of the breached accounts had the full picture — names, addresses, DOBs, and phone numbers — which could be used for identity theft.

In their updated official statement, Timehop includes a timeline that lays out everything they know about the breach. The company also explains how an unauthorized user used authorized credentials to infiltrate the system. The company was not using two-factor authentication at the time the unauthorized user hacked their way in, but they are currently installing the heavier security.

“The main problem with data breaches for users,” says Luis Corrons at Avast, “is that most reuse the same password. It makes sense, as there is an average of twenty different passwords each user should remember. But if even one of those accounts is compromised, then the rest are also in danger. Today, a password manager is essential”

Password managers generate unique and complicated passwords for each account you have, and then remembers those passwords so you don’t have to. Avast Passwords, our password manager, is free. Even better, both Avast Free Antivirus and Avast Premier Antivirus — our antivirus suites — include Avast Passwords as one of their many valuable features.

Macy’s data breach affects online shoppers

World-famous department store Macy’s reported on Tuesday that it suffered a data breach, and that 0.5% of its customer base had their info stolen from macys.com and/or bloomingdales.com. Stolen data includes names, passwords, credit cards numbers, and expiration dates. The department store chain emphasizes that credit card security codes were not amongst the breached data, as the company does not keep records of those.

The breach occurred between April and June this year. Macy’s says it has already set up stronger security measures in the time since the breach was discovered, and that all affected customers have been contacted and offered free consumer protection services.



Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.