Malware Devil

Monday, August 31, 2020

Malicious Android Apps Slip Through Google Play Protection

8/31/2020
05:30 PM
Multiple Android apps were found spying on users and recruiting victims’ devices into ad-fraud botnets.

Security researchers have discovered at least half a dozen cases in which malicious Android apps slipped through the Google Play safety net to plant malware on Android devices. In a separate case, Android apps promised free shoes but instead delivered a botnet to victims’ phones.

In the first instance, researchers at Pradeo found six apps infected with Joker malware. The malware, which exfiltrates data and registers victims for premium subscription services, was found on 11 Android apps in July and has now been detected on an additional six. After notifying Google, Pradeo found that two of the malicious apps were removed from the Google Play store but four remain active and available to download. According to Pradeo, the six apps it found in August have so far been downloaded more than 200,000 times.

Free high-end athletic shoes are the hook for the other malware campaign, discovered by the Satori Threat Intelligence and Research Team. The campaign, which researchers dubbed “Terracotta,” promised (but never delivered) free kicks to victims. Rather than shoes, victims received malware that recruits the device into a botnet that, according to researchers, is “…a customized Android browser packaged alongside a control module written in the React Native development framework.”

The software “…is loaded onto the phone and used to generate fraudulent ad impressions, sold into the programmatic advertising ecosystem, and defrauding advertisers at scale.”

While some of the fraudulent apps have been taken out of the Play Store, researchers warn that more appear to replace those removed by Google. The ultimate protection, they say, is that, “As much as we all love a bargain, remember friends don’t let friends get scammed online.”

For more, read here and here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-25058
PUBLISHED: 2020-08-31
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020).
CVE-2020-25059
PUBLISHED: 2020-08-31
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).
CVE-2020-25060
PUBLISHED: 2020-08-31
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020).
CVE-2020-25061
PUBLISHED: 2020-08-31
An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020).
CVE-2020-25062
PUBLISHED: 2020-08-31
An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020).


The post Malicious Android Apps Slip Through Google Play Protection first appeared on Malware Devil.



https://www.malwaredevil.com/2020/08/31/malicious-android-apps-slip-through-google-play-protection/?utm_source=rss&utm_medium=rss&utm_campaign=malicious-android-apps-slip-through-google-play-protection
