Banking Trojans and Shady Apps Galore in Google Play
Google Play (previously Android Market) is a digital distribution service operated and developed by Google. It serves as the official app store for the Android operating system, allowing users to browse and download applications developed with the Android software development kit (SDK) and published through Google.
Despite Google’s defenses for protecting Android’s official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered.
Recently, security researchers from different security companies based in Europe disclosed on Twitter that they found several banking Trojans in Google Play.
Lukas Stefanko of ESET antivirus vendor found three such malicious apps posing as astrology software that offered the horoscope. What they really divined, though, was theft of SMS and call logs, sending text messages in the victim’s name, downloading and installing apps without user approval, and stealing banking credentials.
One of the malicious apps, which Stefanko noticed in its code that had been named Herobot, displayed a fake warning saying that it was incompatible and has been removed as a result.
Other perils lurk around
Banking Trojans may be among the malware type that prompt urgent action from the Android store curator, but they are definitely not the only threat in Google Play.
Stefanko provided examples of other apps that blatantly impact users’ privacy, adware, spyware, and trackware, some with tens of millions of installations to date.
The researcher pointed to one called Protect Your Data, an app offering VPN services, with over 10 million installations. According to Stefanko, instead of hiding traffic, the app collected it, as described in its description.
In another case, an app promised to increase the random access memory (RAM) on your device to an incredible 128GB. If data from the store is correct, more than 100,000 people fell for the scam.
App leaks location every 15 seconds
Another example from Stefanko is the “Transparent clock and weather” app, which leaks user location in cleartext, every 15 seconds.
Although analysis suggests that the longitude and latitude information is not actively collected by the developer of the app, an attacker accessing the data can learn the user’s every move.
The two researchers are joined in their endeavor to show Google what needs to be removed from the store by researchers from Russian security company Dr. Web. They recently shared the discovery of 127 offensive apps, totaling over 10,000 downloads; all of them have been ousted from the store.
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Cybersecurity services that can protect your company:
Other Location for Online Courses: