Sneaky Android Malware Camouflaged in Kids’ Apps Committing Ad Fraud

Sneaky Android Malware Camouflaged in Kids’ Apps Committing Ad Fraud
фото показано с : beincrypto.com

2020-3-27 06:15

The Google Play Store has found itself in yet another malicious app scandal. This time, researchers have found a new malware nesting in several apps available on the marketplace.

Researchers from cybersecurity firm Check Point revealed in a recent blog post that they conducted an extensive search across the Play Store that yielded the discovery of several malicious apps. The post explained that most of these apps targeted children, adding that they could have infected as many as 1.7 million Android devices globally.

Tekya: Native Android Code with Antivirus Evasion

According to Check Point, all these apps were infected with Tekya— a malware that successfully evades Google Play Protect and other security measures put in place in the Play Store. The malware was found on 32 utility apps and 24 children’s games. Once a Tekya-infested app is downloaded, it commits ads fraud by leveraging Android’s MotionEvent actions, which record users’ movement with a finger or stylus across their screen to generate fake clicks.

Check Point further explained that most of the apps were written in native Android code — especially C and C++ languages — as opposed to having the usual Java underlying code. With these languages, app manufacturers can launch their apps on the Play Store without the appropriate levels of scrutiny and effectively avoid detection when they publish.

Google Constantly Roped into Malicious App Scandals

Google has found itself mired in several malicious app scandals so far; it seems almost routine for the firm. Earlier this year, Check Point confirmed that they had found two malware types — Haken and Joker — on several apps across the Play Store.

Check Point’s researchers had revealed that the malware duo was evolving in response to Google’s security checks and policies.

Over the past few months, the Joker malware has appeared in a number of mobile apps on the Play Store. The Joker is a master at billing fraud. Once a Joker-infested app is installed, the user’s account would be used to pay for premium services without authorization. It does this through a combination of SMS receivers and custom HTML parsers.

As Check Point’s researchers explained, merely removing the malicious app won’t cancel the fraudulent subscription. Instead, the victim has to reach out to the service provider and ask for a cancellation.

As for Hacken, the malware mimics the user and generates clicks on ads. Check Point pointed out that the malware had infected eight apps on Play Store, with more than 50,000 downloads already.

The post Sneaky Android Malware Camouflaged in Kids’ Apps Committing Ad Fraud appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

HEROcoin (PLAY) на Currencies.ru

$ 0.0007079 (-0.01%)
Объем 24H $0
Изменеия 24h: 0.01 %, 7d: -29.68 %
Cегодня L: $0.0007078 - H: $0.0007079
Капитализация $125.312k Rank 2253
Цена в час новости $ 0.0009527 (-25.7%)

apps malware store play found researchers fraud

apps malware → Результатов: 33


Supply chains show their weaknesses following Avast and NordVPN attacks

Antivirus solution provider Avast and VPN service NordVPN both disclosed data breaches caused by exposed credentials that granted attackers remote access to internal systems. The twin developments come as supply chain attacks — compromising a third-party vendor with a connection to the true target — targeting security-related apps are becoming a common vector to install malware.

2019-10-22 16:20


Фото:

Android users suckered for $100s by basic calculator and QR scanning apps

If all the different types of malware that find a way to sneak into the Google Play Store wasn’t enough, here’s another nasty surprise. A new category of apps called “Fleeceware” has been unearthed on the app distribution platform; these apps were found to abuse the Play Store policies and grossly charge users hundreds of dollars for mundane services like calculators and QR code scanners.

2019-9-26 09:30


Фото:

VPN apps with 500M+ installs caught serving disruptive ads to Android users

Google Play Store has a malware problem. And it doesn’t seem to go away despite the company’s best efforts to rein in sketchy apps. In a yet another instance of Android adware, New Zealand-based independent security researcher Andy Michael found four Android VPN apps with cumulative downloads of over 500 million that not only serve ads while running the background, but are also placed outside the apps, including the home screen.

2019-9-20 14:53


Фото:

Google purges 24 malware-ridden apps that were downloaded 500,000 times

Android just can’t seem to shake off its malware issues.  A new malware campaign targeting Android has been found to engage in ad fraud at least since early June 2019. The findings, disclosed by cybersecurity firm CSIS Security Group, reveal that the malware — called Joker — is designed to surreptitiously sign users up for premium service subscriptions, in addition to stealing the victim’s SMS messages, the contact list, and device information.

2019-9-10 10:46


Фото:

Researcher discloses second Steam zero-day exploit after being shut out of bug bounty program

A second zero-day vulnerability has been publicly disclosed in the Steam gaming client by security researcher Vasily Kravets after he said he was banned from its bug-bounty program. The revelations come two weeks after another zero-day previously disclosed by Kravets and researcher Matt Nelson was disputed by Valve, Steam’s parent company.

2019-8-22 09:52


Фото:

It’s 2019 and Google still can’t keep malware out of its Android app store

Google appears to have a problem with stopping malicious apps from sneaking into the Play Store. In what appears to yet another case of malware disguised as a legitimate app, security researchers from Symantec have found a new app that advertised itself as an unofficial version of Telegram messaging app — only to push malicious websites in the background.

2019-7-16 14:40