The National Information Technology Development Agency (NITDA) of Nigeria via an X post issued an advisory against scammers mimicking the official Google Play Store to distribute the Play Praetor trojan.
It’s a call for vigilance as the attack grows in sophistication with over 6,000 instances of these fraudulent pages being identified already.
The goal is to blindly land victims on fake websites that appear as Google Play Store to download malicious apps deemed as legitimate.
How Play Praetor Trojan Operates
The play praetor malware campaign is a large-scale attack targeting Android users specifically financial institutions and customers for the obvious reason — financial gain.
The malware is often distributed through Meta ads and SMS messages, where victims are misled to the wrong websites.
Once you install an application, the malware silently installs on your device. It then goes further to steal your banking credentials, monitor clipboard activity, and log keystrokes transferred to attackers.
Additional details capable of transferring include accessibility service status, current active applications, geographic location, battery status, and network details.
Technical analysis by CTM360, the company that discovered the malware, revealed the malware targets Android versions 7.0 (SDK 24) through 13.0 (SDK 33) predominantly in Southeast Asia.
Detecting the attack can be difficult as these fake sites mimic the original Google Play Store completely — similar app logos and layouts.
How to Protect Yourself From Play Praetor Trojan
To protect yourself, NITDA has provided recommended measures to follow to keep you safe:
• Download apps from the official Google Play store or other trusted sources.
• Verify App developers and read reviews before installation.
• Regularly update devices and apps to patch vulnerabilities.
• Use reputable mobile security solutions to detect and block threats.
About Author
