Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

8/31/2020
05:30 PM
50%
50%

Malicious Android Apps Slip Through Google Play Protection

Multiple Android apps were found spying on users and recruiting victims' devices into ad-fraud botnets.

Security researchers have discovered at least half a dozen cases in which malicious Android apps slipped through the Google Play safety net to plant malware on Android devices. In a separate case, Android apps promised free shoes but instead delivered a botnet to victims' phones.

In the first instance, researchers at Pradeo found six apps infected with Joker malware. The malware, which exfiltrates data and registers victims for premium subscription services, was found on 11 Android apps in July and has now been detected on an additional six. After notifying Google, Pradeo found that two of the malicious apps were removed from the Google Plau store but four remain active and available to download. According to Pradeo, the six apps it found in August have so far been downloaded more than 200,000 times.

Related Content:

Large Ad Network Collects Private Activity Data, Reroutes Clicks

Why Quality & Security Both Matter in Software

Free high-end athletic shoes are the hook for the other malware campaign, discovered by the Satori Threat Intelligence and Research Team. The campaign, which researchers dubbed "Terracotta," promised (but never delivered) free kicks to victims. Rather than shoes, victims received malware that recruits the device into a botnet that, according to researchers, is "...a customized Android browser packaged alongside a control module written in the React Native development framework."

The software, "...is loaded onto the phone and used to generate fraudulent ad impressions, sold into the programmatic advertising ecosystem, and defrauding advertisers at scale."

While some of the fraudulent apps have been taken out of the Play Store, researchers warn that more appear to replace those removed by Google. The ultimate protection, they say, is that, "As much as we all love a bargain, remember friends don't let friends get scammed online."

For more, read here and here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RichardM23501
50%
50%
RichardM23501,
User Rank: Apprentice
9/1/2020 | 1:48:58 PM
Google Security...
Google doesn't test every app for security leaks. The cursory testing is automated and likely not well simulated.
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...