Beware! Delete These Android Apps Because They May Be Stealing Your Bank Credentials

Most of these apps have been downloaded over 300,000 times!


Researchers have recently discovered popular Android apps on Google Play contain malicious trojans that might’ve got your bank details and credentials. Ars Technica reported that these apps got 2FA codes and credentials and also logged keystrokes and took screenshots.

The scariest part is that the apps were disguised as regular apps that most people frequently use, like PDF scanners, QR scanners, and even Crypto Wallets.

Here’s the list of apps that you should delete right now:

  • Two Factor Authenticator (com.flowdivision)
  • Protection Guard (
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multiffuctuon.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)
  • PDF Document Scanner – Scan to PDF (com.xaviermuches.docsscannerpro2)
  • PDF Document Scanner (
  • PDF Document Scanner Free (
  • CryptoTracker (
  • Gym and Fitness Trainer (com.gym.trainer.jeux)
  • Gym and Firness Trainer (com.gym.trainer.jeux)

The researchers said in a post, “What makes these Google Play distribution campaigns very difficult to detect from automation (sandbox) and machine learning perspective is that dropper apps all have a tiny malicious footprint. This small footprint is a (direct) consequence of the permission restrictions enforced by Google Play.”

Abubakar Mohammed

Abubakar Mohammed

Abubakar is a Linux and Tech Writer. Hailing from a Computer Science background, the start of his love for Tech dates back to 2011, when he was gifted a Dell Inspiron 5100. When he's not covering Tech, you'll find him binge-watching anime and Tech content on YouTube or hunting heads in competitive FPS games. You can also find his work on Android Police and How-To Geek.
More From Fossbytes

Latest On Fossbytes

Find your dream job