Archive for the ‘google play’ Category

Google Play caught hosting an app that steals users’ cryptocurrency

February 9th, 2019

Google Play has been caught hosting yet another malicious app, this time one that was designed to steal cryptocurrency from unwitting end users, researchers said Friday.

The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers, a researcher with Eset said in a blog post. As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers.

So-called clipper malware has targeted Windows users since at least 2017. Last year, a botnet known as Satori was updated to infect coin-mining computers with malware that similarly changed wallet addresses. Last August came word of Android-based clipper malware that was distributed in third-party marketplaces.


Posted in Biz & IT, cryptocurrency, google play, malware

Google Play apps with >4.3 million downloads stole pics and pushed porn ads

February 1st, 2019
Screenshots of the pop-up ads displayed by malicious apps that were available in Google's Play Store. (credit: Trend Micro)

Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.

A blog post published by security firm Trend Micro listed 29 camera- or photo-related apps, with the top 11 of them fetching 100,000 to 1 million downloads each. One crop of apps caused browsers to display full-screen ads when users unlocked their devices. Clicking the pop-up ads in some cases caused a paid online pornography player to be downloaded, although it was incapable of playing content. The apps were carefully designed to conceal their malicious capabilities.

“None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from,” Trend Micro Mobile Threats Analyst Lorin Wu wrote. “Some of these apps redirect to phishing websites that ask the user for personal information, such as addresses and phone numbers.”


Posted in Android, apps, Biz & IT, google play, porn

Google Play malware used phones’ motion sensors to conceal itself

January 18th, 2019

Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection—they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks.

The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.

Security firm Trend Micro found the motion-activated dropper in two apps—BatterySaverMobi, which had about 5,000 downloads, and Currency Converter, which had an unknown number of downloads. Google removed them once it learned they were malicious.


Posted in Android, anubis, Biz & IT, google play, malware, motion sensor

Google Play ejects 22 backdoored apps with 2 million+ downloads

December 6th, 2018

Almost two dozen apps with more than 2 million downloads have been removed from the Google Play market after researchers found they contained a device-draining backdoor that allowed them to surreptitiously download files from an attacker-controlled server.

The 22 rogue titles included Sparkle Flashlight, a flashlight app that had been downloaded more than 1 million times since it entered Google Play sometime in 2016 or 2017, antivirus provider Sophos said in a blog post published Thursday. Beginning around March of this year, Sparkle Flashlight and two other apps were updated to add the secret downloader. The remaining 19 apps became available after June and contained the downloader from the start.

“Serious harm”

By the time Google removed the apps in late November, they were being used to click endlessly on fraudulent ads. "Andr/Clickr-ad," as Sophos has dubbed the family of apps, automatically started and ran even after a user force-closed them, functions that caused the apps to consume huge amounts of bandwidth and drain batteries. In Thursday's post, Sophos researcher Chen Yu wrote:


Posted in ad fraud, Android, apps, Biz & IT, google play, Malicious