Delete these tricky trojan dropper Android apps today or your banking info is in danger

Delete these tricky trojan dropper Android apps today or your banking info is in danger
Yes, ladies and gents, we're afraid it's that time of the year month again. The time to peruse the list of apps installed on your Android device to try to spot malicious titles that might be out to get you.

As paranoid as it sounds to the untrained ear, that almost always proves fruitful (in a bad way) for a significant number of users, who simply don't seem to be protected well enough by Google. The latest in-depth research conducted by cybersecurity firm ThreatFabric over the span of several months reveals a grand total of four malware families that wreaked havoc pretty much worldwide using a very particular set of spine-chilling skills.

More than 300,000 people could still be in danger

Now that's a scary number, and the scariest thing might be the way these malicious Anatsa, Hydra, Ermac, and Alien campaigns were found to operate between the months of June and November of this year.

In a nutshell, ThreatFabric researchers discovered a bunch of Android apps were used as "trojan droppers" in a large number of markets around the world, garnering decent reviews by offering legitimately useful features while secretly aiming to harvest sensitive financial information without owner approval.

The truly devious nature of the newly unearthed banking trojans arises from their activation, which happened sporadically, cancelling out most of the red flags normally associated with this type of threat.


Otherwise put, not all users in all countries were attacked, and the ones who did become victims of the huge security breach were targeted at different times, as illustrated in the handy graph above. For many people, the malicious apps never stopped working as advertised, only occasionally asking for permission to install essential updates that were in fact trojan droppers.

That way, the bad actors behind the apps could evade Google's Play Store protections upon their original installation, posing and oftentimes working as legitimate PDF document scanner, QR scanner, or two factor authentication services.

Recommended Stories
Overall, it is estimated that more than 300,000 infections resulted from these widespread "campaigns" in four months, and while it's not entirely clear how many of those users may still have their banking details at risk, you should probably take all the necessary precautions if you have reason to believe that might be the case.

This is the full list of malicious apps you need to delete ASAP

The first and most important security measure you have to employ as soon as possible, of course, is to uninstall these apps from your Android phone:

  • Two Factor Authenticator (package name com.flowdivision)
  • Protection Guard (
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multifuction.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)
  • PDF Document Scanner - Scan to PDF (com.xaviermuches.docscannerpro2)
  • PDF Document Scanner (
  • PDF Document Scanner Free (
  • CryptoTracker (
  • Gym and Fitness Trainer (com.gym.trainer.jeux)
  • Master Scanner Live (leaf.leave.exchang)
  • Gym and Fitness Trainer (gesture.enlist.say)
  • PDF AI: Text Recognizer (com.uykxx.noazg)
  • QR CreatorScanner (com.cinnamon.equal)
  • QR CreatorScanner (com.tag.right)

Because some of the apps in question have incredibly generic, similar, or even identical titles, the package names should help you more easily distinguish them from the Google Play pack. 

You can find an app's package name simply by searching for it on your web browser, and if you do identify any of the malicious apps listed above on your phone, it might be a good idea to contact your bank and see what they can do to help better protect your data.

There's a list of specific banks targeted by the Anatsa, Alien, Hydra, and Ermac trojans, by the way, but it's far too long to copy and paste here, covering numerous top financial institutions across the old continent, Australia, Asia, and of course, the United States.

Of those generic-sounding apps, Free QR Code Scanner (from developer QrBarCode LDC) alone crossed the 50,000 install milestone before Google finally ejected it from the Play Store, so you might want to start your search there.


For what it's worth, all of these particular apps have been removed from the official Play Store after their true intentions were discovered, but if history is any indication, it won't be long until other bad actors are found.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless