Malicious Apps Use Sneaky Versioning Approach to Bypass Google Play Retailer Scanners


Aug 03, 2023THNCell Safety / Malware

Google Play Store Scanners

Menace actors are leveraging a method known as versioning to evade Google Play Retailer’s malware detections and goal Android customers.

“Campaigns utilizing versioning generally goal customers’ credentials, information, and funds,” Google Cybersecurity Motion Staff (GCAT) stated in its August 2023 Menace Horizons Report shared with The Hacker Information.

Whereas versioning just isn’t a brand new phenomenon, it is sneaky and laborious to detect. On this technique, a developer releases an preliminary model of an app on the Play Retailer that passes Google’s pre-publication checks, however is later up to date with a malware part.

That is achieved by pushing an replace from an attacker-controlled server to serve malicious code on the tip consumer machine utilizing a technique known as dynamic code loading (DCL), successfully turning the app right into a backdoor.

Cybersecurity

Earlier this Could, ESET found a display screen recording app named “iRecorder – Display Recorder” that remained innocuous for almost a 12 months after it was first uploaded to the Play Retailer earlier than malicious modifications have been launched sneakily to spy on its customers.

One other instance of malware utilizing the DCL technique is SharkBot, which has repeatedly made an look on the Play Retailer by masquerading as safety and utility apps.

SharkBot is a monetary trojan that initiates unauthorized cash transfers from compromised units utilizing the Automated Switch Service (ATS) protocol.

Google Play Store

Dropper functions that seem on the storefront include diminished performance that, as soon as put in by the victims, obtain a full model of the malware in a bid to draw much less consideration.

“In an enterprise setting, versioning demonstrates a necessity for defense-in-depth ideas, together with however not restricted to limiting utility set up sources to trusted sources akin to Google Play or managing company units by way of a cell machine administration (MDM) platform,” the corporate stated.

The findings come as ThreatFabric revealed that malware purveyors have been exploiting a bug in Android to move off malicious apps as benign by “corrupting elements of an app” such that the app as an entire stays legitimate, in response to KrebsOnSecurity.

Cybersecurity

“Actors can have a number of apps printed within the retailer on the identical time beneath completely different developer accounts, nevertheless, just one is performing as malicious, whereas the opposite is a backup for use after takedown,” the Dutch cybersecurity firm famous in June.

“Such a tactic helps actors to take care of very lengthy campaigns, minimizing the time wanted to publish one other dropper and proceed the distribution marketing campaign.”

To mitigate any potential dangers, it is really helpful that Android customers follow trusted sources for downloading apps and allow Google Play Defend to obtain notifications when a doubtlessly dangerous app (PHA) is discovered on the machine.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.



Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles