Banking Trojans and Shady Apps Galore in Google Play

Google

Banking Trojans and Shady Apps Galore in Google Play

Google Play (previously Android Market) is a digital distribution service operated and developed by Google. It serves as the official app store for the Android operating system, allowing users to browse and download applications developed with the Android software development kit (SDK) and published through Google.

Despite Google’s defenses for protecting Android’s official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered.

Recently, security researchers from different security companies based in Europe disclosed on Twitter that they found several banking Trojans in Google Play.

Lukas Stefanko of ESET antivirus vendor found three such malicious apps posing as astrology software that offered the horoscope. What they really divined, though, was theft of SMS and call logs, sending text messages in the victim’s name, downloading and installing apps without user approval, and stealing banking credentials.

One of the malicious apps, which Stefanko noticed in its code that had been named Herobot, displayed a fake warning saying that it was incompatible and has been removed as a result.

 

 

Google

 

 

Other perils lurk around

 

Banking Trojans may be among the malware type that prompt urgent action from the Android store curator, but they are definitely not the only threat in Google Play.

Stefanko provided examples of other apps that blatantly impact users’ privacy, adware, spyware, and trackware, some with tens of millions of installations to date.

The researcher pointed to one called Protect Your Data, an app offering VPN services, with over 10 million installations. According to Stefanko, instead of hiding traffic, the app collected it, as described in its description.

In another case, an app promised to increase the random access memory (RAM) on your device to an incredible 128GB. If data from the store is correct, more than 100,000 people fell for the scam.

 

 

Banking Trojan

 

 

App leaks location every 15 seconds

 

Another example from Stefanko is the “Transparent clock and weather” app, which leaks user location in cleartext, every 15 seconds.

Although analysis suggests that the longitude and latitude information is not actively collected by the developer of the app, an attacker accessing the data can learn the user’s every move.

The two researchers are joined in their endeavor to show Google what needs to be removed from the store by researchers from Russian security company Dr. Web. They recently shared the discovery of 127 offensive apps, totaling over 10,000 downloads; all of them have been ousted from the store.

 

 

App

 

 

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Internet Of Things Training in Bhubaneswar

Internet Of Things Training in Bangalore

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Web Penetration Testing Company in Bangalore

Network Penetration Testing – NPT

Network Penetration Testing Service in Bangalore

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 


Show Buttons
Hide Buttons