Cyber security specialists from the ESET company have detected eight dangerous applications available in the Google Play store. These includes: MEX Tools, Clear Android, Cleaner for Android, World News, WORLD NEWS, World News PRO.

The given applications do not arouse any suspicions in Google Play store users. However, in reality the apps are a cleverly designed multi-stage downloaders.

After being downloaded and installed, the apps do not request any suspicious permissions and even mimic the activity the user expects them to exhibit.

However, during the initial installation process, an additional Trojan-like software is also installed, without the user’s knowledge. The newly acquired malware can secretly connect with the cyberattacker’s servers and download secondary malicious application. Once installed and having the requested permissions granted, the second app behaves like a typical banking Trojan, capable of presenting the user with fake login forms to stealing credentials or credit card details.

Unfortunately, the multi-stage downloaders have a better chance of sneaking into official app stores than common Android malware does. Users who want to stay protected should not rely fully on the stores’ protections, but also pay attention to what permissions they grant to apps, and install additional anti-malware software.