
New malicious apps found in Google Play

The family of Android malware that slipped past security defenses and infiltrated Google Play is more widespread than previously thought. New evidence shows it was folded into three additional apps and has been operating for at least 10 months, according to security researchers.
BadNews, as the malicious ad network library is called, has been included in at least 35 different apps that were available on Google servers for download, researchers from antivirus provider Bitdefender said Monday. As Ars reported last week, figures provided by Google showed they had been downloaded anywhere from two million to nine million times. Although Google had removed 32 apps as of Friday, company security personnel didn't remove the additional three apps until they were flagged this weekend by Bitdefender. Apps that contain the BadNews code upload phone numbers, unique device identifiers, and other data from infected phones and then present end users with prompts to download and install fake updates for legitimate applications such as Skype.
The Bitdefender report came as researchers from security firm Fortinet reported the deactivation of a Google Play developer account that was also pushing a suspicious app.
It's unclear why Google employees removed the additional apps only after Bitdefender discovered them. It's possible that the code uses polymorphism to keep from displaying tell-tale signatures that could be caught by Bouncer, the cloud-based scanning service Google unveiled last year. A more depressing possibility is that the company didn't run a new set of scans on its existing base of offerings after receiving last week's report. Google representatives declined to comment on the record about the Bitdefender report.
"We've been saying for a while that there's aggressive adware that collects your data, collects all kinds of stuff on you, but now you can actually bypass Google security by using the custom-made adware framework," Bitdefender researcher Liviu Arsene told Ars. "As long as I convince enough developers to use my adware framework, I can push any type of content I want through that framework."
Among the malicious apps promoted by BadNews is AlphaSMS, a trojan that racks up charges by sending text messages to pricey services. Arsene said the malicious BadNews code library used to push such apps has been in existence since at least June 2012, although some of the apps that included it didn't initially display the fake update notifications.
"Although it didn't feature the push notification telling users to install fake updates—like the Skype update, for instance—it did have the function built into it," he explained. "It was kind of like someone was testing it but they didn't actually go along and have the malware. Somebody was testing the adware framework before it actually went and disseminated malware."
The revelation that some of the malicious functionality was never activated means that some users infected by BadNews may never have noticed anything awry. Even after a malicious update is displayed on an infected device, the user must specifically choose to download and install it and must have configured the phone to install apps from third-party sources. Still, while many Android users in the US rely solely on Google Play, third-party sources are much more popular in China and other countries. Ultimately, there's no independent way to know just how many end users may have fallen for the ruse.
The takeaway for Android users is to consider running a smartphone antivirus app. The Bitdefender product has been detecting BadNews code since June 2012 as Android.Trojan.InfoStealer.AK, Arsene said. Apps from other AV providers, including Lookout Mobile Security, also detect the BadNews apps. Users should think long and hard before allowing their devices to install apps from sources other than Google Play. The fact that the service has been hosting malicious titles for almost a year suggests this protection is by no means ironclad. Still, it can add an important layer of defense even when malicious apps do sneak past Google defenses.

via: ars technica
