Media Alert: Q1 2019 Android Security Recap

January

Destination, unknown!

The next evolution of the Android operating system is upon us! Samsung, Huawei and Motorola are just some of the top brands that showcased the next iteration of smartphones at the recent Mobile World Conference (MWC) 2019 in Barcelona.

While we eagerly await the arrival of these devices, ESET’s Malware Analyst, Lukas Stefanko, does a deep dive into some of the exploits they’ve discovered throughout Q1 2019. Here are some of his findings:

Over 15 fake GPS navigation apps, with over 50 million installs from Google Play, that violate Google rules. Rather than provide navigational services, these apps attract potential users with fake screenshots and look to generate ad revenue through various interactions. Once users interact with these apps, the Google Maps app is opened and used, essentially making the fake app redundant.

Adware, Everywhere!

85 game, TV and remote-control simulator apps on the Google Play store which contained an active adware family. The adware was capable of showing full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the background on the device. These apps have been downloaded a total of nine million times around the world.

Explicit Beauty

Several beauty camera apps on Google Play that are capable of accessing remote ad configuration services that can be used for malicious purposes. Some of these apps have already been downloaded millions of times, with a large share of the downloads originating from Asia, particularly India. The apps push several full-screen ads when users unlock their devices, including malicious ads (such as fraudulent content and pornography) that pop up via the user’s browser.

February

Unknowingly hacked

Android devices were vulnerable to attack by a remote hacker if their users mistakenly opened a maliciously crafted PNG (Portable Network Graphics) image file. A major flaw in Android’s framework allowed an attacker to execute code remotely by using the crafted PNG image file to smuggle the code. Google has since released a security patch to beef up its Android defences.

Insecure Converter

A file-converting app called ‘pdf to word’ was recently discovered on Google Play. The app placed all user-uploaded PDFs on an FTP server, amassing a collection of 360,000 files, and made them accessible and downloadable by anyone, without any authentication. This led to the leak of many private and confidential documents, which became readily available on the internet.

Mischief Managed

All users of the Password Cloud app (both free and paid versions) are vulnerable to having their secret information leaked. The app utilises AES 256-bit encryption, which is considered standard technology for such applications. However, it is possible for an attacker to retrieve any information stored in this app, including the password securing the app itself.

Insta-Trojan

Malware analysts revealed 39 new modifications of the Android.HiddenAds Trojan family on Google Play. They were hidden in seemingly safe programs: photography applications, image and video editors, collections of desktop wallpapers, system utilities, games, and other software. Overall, they were installed by over nine million users. Some of these Trojans have likely been spread via Instagram and YouTube.

Independent testing outfit AV-Comparatives tested more than 2,000 of the most common Android malware samples against 250 “security” apps available on the Android store. Surprisingly, only 23 apps passed the test with a 100 per cent success rate at detecting the malicious code. Rather than keeping you safe, the rest of the apps, which didn’t pass, would pester you with unwanted ads, all in the name of easy revenue for the developers.

A number of products that scored poorly in the test were deemed to be the work of what AV-Comparatives called “hobby developers”. Rather than focus on producing quality security software, these software makers apparently produce a variety of apps that are only designed to generate ad revenue for them.

With ‘Love’, From Italy

Security Without Borders recently identified a new Android spyware platform named Exodus. Exodus is equipped with extensive collection and interception capabilities that could lead to the spyware exposing the infected devices to further compromise or data tampering.

While details would vary, all of the identified copies of this spyware shared a similar disguise. In most cases, they would be crafted to appear as applications distributed by unspecified mobile operators in Italy.

Most of these apps have collected a few dozen installations each, with one case reaching over 350. All of the victims are located in Italy. Thankfully, however, all of these Google Play Store pages have been taken down by Google.

Removing is not uninstalling

Lukas Stefanko recently discovered three apps on Google Play, with over 700,000 installs, that are actually adware and use an interesting persistence technique. Post installation, when the user realises the app is not as described, they can only remove the app icon, but not uninstall the app. This means that while it is not displayed on the user's device, it is still running in the background until it is manually uninstalled from the Google Play Store.
