Comments
Google has banned from its Play Store 11 apps for injecting malware into users’ phones, according to reports.
A new variant of popular malware Joker had been discovered by researchers at cybersecurity firm Check Point. The malware had been hiding from security checks by hiding in apps that seemed legitimate.
“Check Point’s researchers recently discovered a new variant of the Joker Dropper and Premium Dialer spyware in Google Play. Hiding in seemingly legitimate applications, we found that this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” Check Point said in its report.
Joker is one of the most frequently encountered malware for Android and has made its way to apps on Google Play Store in the past.
Google in January had said that it had removed over 1,700 apps that contained the malware Bread, also known as Joker.
Alec Guertin and Vadim Kotov, who belong to the Android Security & Privacy Team, had explained in a blog post that Google’s security team had been tracking the malware since 2017. It was initially used for SMS fraud. However, due to updated security checks, the malware had been altered for billing fraud.
“As the Play Store has introduced new policies and Google Play Protect has scaled defences, Bread apps were forced to continually iterate to search for gaps. They have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere,” the blog read.
“Google Play Protect detected and removed 1.7k unique Bread apps from the Play Store before ever being downloaded by users. Bread apps originally performed SMS fraud, but have largely abandoned this for WAP billing following the introduction of new Play policies restricting use of the SEND_SMS permission and increased coverage by Google Play Protect,” it said.
Old technique
The new variant has adopted an old old technique from malware used for infecting PCs, according to the Check Point research report. The malware subscribes users to premium services without them knowing about it or consenting to it.
“Joker utilised two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services,” the report read.
It listed 11 apps found on Google Play that contained the malware. These apps include:
com.imagecompress.android
com.contact.withme.texts
com.hmvoice.friendsms
com.relax.relaxation.androidsms
com.cheery.message.sendsms (two different instances)
com.peason.lovinglovemessage
com.file.recovefiles
com.LPlocker.lockapps
com.remindme.alram
com.training.memorygame
Check Point suggests uninstalling these applications from a user device to prevent future threats. It also suggests that users check their mobile and credit-card bills to detect any unknown subscriptions. User can also install trusted cybersecurity solutions to prevent such attacks.
Comments
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.