Security Alert: Beware of Malicious Google Play Store Scam Campaign

We would like to alert our valued customers about a large-scale cyber scam involving fake Google Play Store pages. These fraudulent websites are designed to closely resemble the official Play Store, tricking users into downloading malicious Android applications (APKs). These apps are actually Trojan malware that can steal sensitive personal and financial information.

What’s Happening?

Cybercriminals have launched a sophisticated campaign using fake domains that mimic trusted sources. These malicious APKs:

  • Appear legitimate in name and icon
  • Target Android versions 7.0 to 13.0
  • Request dangerous permissions (e.g., Accessibility Services)
  • Steal banking credentials, monitor clipboard activity, and log keystrokes

Once installed, these apps can compromise your device and personal data, including banking information.

How the Attack Works

  • Fake Domains: Attackers register domains that look like official Google Play Store URLs.
  • Trojan APKs: These apps impersonate legitimate ones but are designed to spy on users.
  • Targeted Banking Apps: The malware scans your device for banking apps and waits to steal credentials.

Capabilities of the Malware

  • Credential Theft: Logs keystrokes and uses phishing overlays to steal login details.
  • Personal Data Harvesting: Collects names, phone numbers, emails, etc.
  • SMS & OTP Interception: Captures one-time passwords to bypass multi-factor authentication.
  • Ad Fraud & Botnets: Generates fake ad clicks or joins your device to a botnet.
  • Ransomware: May lock your device or encrypt files for ransom.

Known Indicators of Compromise

Malicious Domains:

  • hxxps://pajak.abrgo.cc/
  • hxxps://pajak.veugo.cc/
  • hxxps://googleplay.djppajakgoid.com/
  • hxxps://pajak.rugind.cc/

Malicious APK Details:

  • App Name: M-Pajak.apk
  • Package Name: com.pa6388age.pak
  • SHA256 Hash: 4a6fe0fa75fce1fe0029a0dbbe4e0b263812b011dfb0ba509e52f7f480389acf

Command & Control Servers:

  • hxxps://ynadmwss.top:8081/device/getAllDeviceAppPackageSetting
  • hxxps://ynadmwss.top:8081/device/saveAppList
  • hxxps://ynadmwss.top:8081/device/addOrUpdateDevice
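
IT and security teams can match the domains and servers listed above against web proxy logs to find devices that contacted them. The Python code below is an added example and not part of the original alert; the log line format (timestamp, client IP, method, URL or host:port) and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicators copied from this alert, kept defanged as published.
IOC_URLS = [
    "hxxps://pajak.abrgo.cc/",
    "hxxps://pajak.veugo.cc/",
    "hxxps://googleplay.djppajakgoid.com/",
    "hxxps://pajak.rugind.cc/",
    "hxxps://ynadmwss.top:8081/device/getAllDeviceAppPackageSetting",
    "hxxps://ynadmwss.top:8081/device/saveAppList",
    "hxxps://ynadmwss.top:8081/device/addOrUpdateDevice",
]

def refang(url):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")

def host_of(target):
    """Lower-cased hostname of a URL or bare host:port, '' if unparseable."""
    if "://" not in target:
        target = "//" + target  # CONNECT lines carry host:port only
    try:
        return (urlsplit(target).hostname or "").rstrip(".")
    except ValueError:
        return ""

IOC_HOSTS = {host_of(refang(u)) for u in IOC_URLS}

def is_ioc_host(host):
    """Exact IoC hostname or a subdomain of one; lookalike suffixes fail."""
    return any(host == h or host.endswith("." + h) for h in IOC_HOSTS)

def scan_proxy_log(lines):
    """Return (line_no, client_ip, host) for each request to an IoC host.
    Assumed line format: timestamp client_ip method url-or-host:port"""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) >= 4 and is_ioc_host(host_of(parts[3])):
            hits.append((n, parts[1], host_of(parts[3])))
    return hits

SAMPLE_LOG = [  # constructed lines, not real traffic
    "2024-05-01T09:12:03Z 10.0.4.17 GET https://play.google.com/store/apps",
    "2024-05-01T09:12:40Z 10.0.4.17 GET " + refang(IOC_URLS[2]),
    "2024-05-01T09:13:05Z 10.0.4.17 CONNECT " + host_of(refang(IOC_URLS[4])) + ":8081",
    "2024-05-01T09:14:11Z 10.0.4.22 GET https://" + host_of(refang(IOC_URLS[0])) + ".example.org/",
    "2024-05-01T09:15:00Z 10.0.4.22 CONNECT WWW." + host_of(refang(IOC_URLS[3])).upper() + ":443",
]
```

Calling `scan_proxy_log(SAMPLE_LOG)` flags lines 2, 3 and 5; line 4 only embeds a listed name inside an unrelated domain and is not reported.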

Best Practices to Stay Safe

  • Download only from official app stores (Google Play, Apple App Store).
  • Review app details: Check reviews, permissions, and developer info.
  • Avoid sideloading apps from unknown sources.
  • Keep your device updated with the latest security patches.
  • Be cautious with links in unsolicited emails or SMS messages.
  • Verify sender information in SMS messages from banks.
  • Use URL preview tools to inspect shortened links.
  • Install reputable antivirus software and keep it updated.
  • Use Safe Browsing and content filtering tools.
  • Look for HTTPS and the padlock icon in your browser before entering sensitive data.
  • Stay informed through cybersecurity awareness programs.
  • Report suspicious activity to your bank immediately.

Need Help?

If you notice any unusual activity in your account or suspect that your device may be compromised, contact our customer support team immediately with relevant details. Your prompt action can help prevent further damage.