Technology

Google Play app with 100 million downloads executed secret payloads – Ars Technica

Google Play app with 100 million downloads executed secret payloads – Ars Technica

CAMSCAMMER — The sad, impractical truth about Android app security in 2019. Dan Goodin – Aug 27, 2019 7:15 pm UTC The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android devices. Throughout…

CAMSCAMMER —

The sad, impractical truth about Android app security in 2019.


Google Play app with 100 million downloads completed secret payloads

The perils of Google Play are all all over again on exhibit with the discovery of an app with 100 million downloads that contained a malicious factor that downloaded secret payloads onto contaminated Android devices.

Correct via most of its lifestyles, CamScanner was a legit app that equipped distinguished capabilities for scanning and managing paperwork, researchers from antivirus supplier Kaspersky Lab talked about on Tuesday. To compose money, the builders displayed ads and equipped in-app purchases.

Then, one day things modified. The app was updated so to add an advertising library that contained a malicious module. This factor was what’s normally known as a “Trojan dropper,” which intention it normally downloaded encrypted code from a developer-designated server at https://abc.abcdserver[.]com and then decrypted and completed it on contaminated devices. The module, which Kaspersky Lab researchers named Trojan-Dropper.AndroidOS.Necro.n, would possibly per chance also download and assemble whatever the builders wanted at any time. The researchers talked about that they’ve previously found out Trojan-Dropper.AndroidOS.Necro.n lurking internal apps that are preinstalled on some telephones equipped in China.

“The above-described Trojan-Dropper.AndroidOS.Necro.n capabilities enact the first task of the malware: to download and begin a payload from malicious servers,” a separate put up from Kaspersky Lab explained. “Consequently, the homeowners of the module can exhaust an contaminated tool to their profit in any manner they peep fit, from exhibiting the victim intrusive advertising to stealing money from their cell story by charging paid subscriptions.”

The incident underscores the scenario Android customers face when seeking distinguished apps. Google scanners are unable to get all the pieces, in particular when builders sneak malicious or unethical code into apps which get already handed preliminary inspections. The : there’s no easy manner to compose determined an app is get. This truth is disappointing, attributable to Google has made true strides in securing extra fresh versions of Android.

One manner to vet apps is to read reviews left by a form of customers. Kaspersky Lab researchers talked about that hostile suggestions left over the past month “indicated the presence of undesirable components” in CamScanner. And naturally, folk ought to repeatedly glance the permissions an app requires. Access to the microphone, digicam, contacts, plot files, or the cell phone app can normally be telltale signs one thing is substandard, but not continually. Normally apps want this salvage entry to for legit causes. CamScanner, as an illustration, would obviously want salvage entry to to the digicam to work as advertised. Seeking out apps from known builders, when that which you would possibly presumably also name to mind, can normally be helpful.

Finally, the most fundamental strategy is to put in simplest the apps that are genuinely distinguished and to uninstall apps that haven’t been outmoded rapidly. The practicality and effectiveness of this steering is by no intention ultimate, but that’s unfortunately the most fresh deliver of security for Android apps.

View Source

Most Popular

To Top