Tag Archive for: Apps

13 Malicious Android Apps You Should Delete Immediately


We’re ending the year with another crop of malicious Android apps you should delete from your phone ASAP.

The McAfee Mobile Research Team uncovered apps in Google Play and third-party app stores that are infected with malware it’s dubbed Xamalicious because it’s “implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.”

Once installed, a malicious app “tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload.” If the second-stage payload is installed, it can take full control of your device, meaning “it has the potential to perform any type of activity like a spyware or banking trojan without user interaction,” McAfee says.

The apps can also do things like install other apps or click on ads without your consent. The Cash Magnet app, for example, automatically clicks ads and installs apps to fraudulently generate revenue, while users think they’re earning points redeemable for a retail gift card.

“This means that the developers behind these threats are financially motivated and drive ad-fraud therefore this might be one of the main payloads of Xamalicious,” McAfee says.

McAfee identified 25 apps that contain the threat, 13 of which were distributed on Google Play, some as far back as 2020. It notes that “the usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code.

“Malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server,” McAfee adds.

McAfee estimates the apps have potentially compromised 327,000 devices from Google Play, in addition to any downloads that were made from third-party markets. Most Xamalicious activity was detected in the US, Brazil, and Argentina, though infections were also reported in the UK, Spain, and Germany. 

Google removed the apps from Google Play after McAfee reported them. But there’s a chance you might still have them…

Source…

Google tests a ‘Private Space’ feature on Android phones, allowing secure hiding of apps



For Android smartphones, Google is actively developing a feature called “Private Space” that will allow users to safely conceal apps. This feature, which is expected in a future Android OS update, allows users to hide files and apps from other users, similar to Samsung’s Secure Folder feature that has been around for six years.

This feature, found in the Security & Privacy settings, enables users to create a protected Android user profile using biometrics or a password/PIN. Mishaal Rahman found this development in the Android 14 QPR2 beta. This feature improves privacy when sharing the device by hiding not just the presence of the app but also its notifications.

To preserve the covert use of the “Private Space” feature, Google is thinking of implementing a search bar trigger to reveal these apps.

The possible inclusion of the feature in Android 15 may indicate that smartphone makers will use it more widely, giving more people access to features like Samsung’s Secure Folder. Rahman points out that not all features were activated in the most recent beta because it’s still in development.

Source…

How cybercriminals use common apps on Google Play to spread malware


Google Play is home to more than three million unique apps, most of which are updated regularly to apply security patches and implement changes. However, cybercriminals have found ways to use these periodic updates to sneak malicious apps onto Google Play.

In 2023, apps with malicious code were found to have been downloaded more than 600 million times on Google Play, Kaspersky shared in a blog post.

Some of the commonly downloaded apps that contain malware include photo editing apps, file managers, games, music and video players as well as health tracking apps.

The malware in these apps has been found not just to hide adware, but also to track users’ location and cellular operator information, load spyware, record voice, and collect other sensitive user information.


How do threat actors post malicious apps on Google Play?

Cybercriminals create multiple developer accounts to upload apps on Google Play. Through these accounts they upload seemingly unremarkable apps with simple functionality and no malicious code to ensure they are able to sail through Google’s moderation checks. Once the app is downloaded by a sizeable audience, cybercriminals add malicious functionality in the app through an update.

An example of this is the iRecorder app, which got past Google’s moderation checks when it was uploaded to Google Play in 2021 because it did not contain any malicious code. However, once the app garnered close to 50,000 downloads, threat actors updated it with malicious functionality that allowed the app to record sound from the device’s microphone every 15 minutes and send it to a server belonging to the app’s creators.

Threat actors have also been found to have made use of multiple developer accounts to ensure that they can continue uploading malicious apps if one of their accounts is blocked by the moderators.

From signing up for subscriptions to data mining, malicious apps do it all

Malicious code in apps can be used to access sensitive user data including files, photos, videos and the device’s location and cellular information. Such apps have also been found to sign up the user’s cellular…

Source…

Rocket Alert Apps Warn Israelis of Incoming Attacks While Gaza Is Left in the Dark


The app and sirens are a backstop to Israel’s extensive military defenses. The Iron Dome missile defense system effectively intercepts or destroys most airborne weapons headed to Israel. But some rockets have slipped through, causing injuries in recent days, and the government has encouraged people in Israel to download its app.

Across the border, Israel’s military has sometimes called people in Gaza to warn of its own attacks. But power and communications networks there have been unreliable since Israel’s recent assault began, and on Friday internet access appeared to be cut off entirely. The Home Front Command app doesn’t provide alerts for the disputed Hamas-controlled territory, as it is out of Israel’s jurisdiction, Zamir says.

Palestinian activists and tech entrepreneurs say no one appears to be trying to provide civilians of Gaza with an equivalent early warning system. Hamas did not respond to requests for comment.

If power and communications were intact, a warning app could technically operate in Gaza, perhaps in a similar way to a system that Western governments fund in Syria. Vetted users and social media scanning tools feed the app with observations about drones, missiles, and other military movement. Machine learning and other data analysis techniques determine which areas of Syria need warning. Alerts then ring through public sirens and messaging apps.

But it’s unclear who would be willing to stand up a system like that in Gaza, or how it could keep functioning as Israel’s assault continues. Communications networks have faltered over the past three weeks of Israeli air strikes, which have damaged key infrastructure. On Friday the last internet provider whose service was operating in Gaza, Paltel, and UK internet monitoring company NetBlocks reported that Gaza was wholly offline. Power generators are reaching their limits, according to the UN agency advocating for Palestinians, after Israel cut off electricity and fresh fuel.

“Tech solutions are invalid,” says Mohammad Alnobani, a Palestinian who is CEO of Arab-focused stock photography service Middle Frame, speaking ahead of Friday’s communications collapse in Gaza. He says trying to maintain contact…

Source…