Tag Archive for: store

Messaging, News Apps Stuffed With Data Stealing Malware Listed On Google Play Store; Check List Here


VajraSpy Malware: Instances of malicious apps appearing on Google Play Store have been on the rise in recent times. Continuing this series, ESET researchers identified 12 Android apps with malicious code, six of which were listed on the Play Store. Most of these apps were messaging apps, with one being from the news category. The apps execute VajraSpy, remote access trojan (RAT) code of the Patchwork APT group, on the affected device.

Depending on the permissions granted to these apps, they can steal call logs, contacts, messages and files from an affected device. They can also extract messages from WhatsApp and Signal, record calls, take photos using the camera, intercept notifications and search files on the compromised handset. Pakistan and India were among the regions most affected by this campaign. According to ESET Research, the apps on the Play Store accumulated over 1,400 installs.


The cybersecurity firm managed to geolocate 148 devices compromised with VajraSpy due to its weak security protocol. The WeLiveSecurity blog stated that these bad actors used a “honey-trap romance scam” to lure victims into installing the malware. Here is the list of apps that were available on the Play Store:

 Privee Talk

 MeetMe

 Let’s Chat

 Quick Chat

 Rafaqat (News)

 Chit Chat

The above-stated apps have now been removed from Google Play Store.

While the apps have been removed from the Play Store, here are the other apps that were available in the wild:

 YohooTalk

 TikTalk

 Hello Chat

 Nidus

 GlowChat

 Wave Chat


ESET researcher Lukas Stefanko noted that the impact of VajraSpy through third-party app markets remains unknown because of the lack of download figures. As a precautionary measure, users must not download chat apps from links received from unknown people and should monitor the permissions of apps on their devices.

Google shared a statement to BleepingComputer: “We take security and privacy claims against apps seriously, and if we…

Source…

Xamalicious Android malware distributed through the Play Store



Pierluigi Paganini
December 27, 2023

Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions.

McAfee Mobile Research Team discovered a new Android backdoor dubbed Xamalicious that can take full control of the device and perform fraudulent actions.

The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.

Xamalicious relies on social engineering to gain accessibility privileges, then it connects to C2 to evaluate whether or not to download a second-stage payload. The malicious payload is dynamically injected as an assembly DLL at runtime level to take full control of the device and perform a broad range of fraudulent actions such as clicking on ads and installing apps.

The second stage payload uses the powerful accessibility services granted during the first stage to take full control of the infected device. The malicious code also supports a self-update mechanism for the main APK, which makes the threat very versatile.  

The experts discovered a link between Xamalicious and the ad-fraud app “Cash Magnet”, which fraudsters use to generate revenue by instructing the devices to click ads, install apps, and perform other actions.


The researchers believe that the developers behind this backdoor are financially motivated.

The usage of the Xamarin framework allowed threat actors to remain under the radar for a long time. The authors also implemented different obfuscation techniques and custom encryption to avoid detection.

McAfee identified about 25 different malicious apps, some of which have been uploaded on Google Play since mid-2020. The researchers estimated that the malicious apps were downloaded at least 327,000 times.

The malware-laced apps masqueraded as health, games, horoscope, and productivity apps. Google promptly removed the malware-laced apps from Google Play.

“Based on the number of installations these apps may have compromised at least 327,000 devices from Google Play plus the installations coming from third-party markets that continually produce…

Source…

Nothing removes iMessage Android app from Play Store amid security concerns


Nothing Chats was an app intended to give Android users a method of messaging others through Apple’s iMessage app, but the method they used to work around Apple’s security raised some eyebrows. And, just a short time after launch, Nothing removed their app from the Play Store to “fix several bugs”.

With how large of a company Apple is, it’s no surprise that they’ve got an iron grip when it comes to their exclusive hardware and software capabilities.


One of the biggest barriers between Android and Apple users is the prominence of iMessage, the main messaging app for iPhones. The Apple-exclusive messaging app has some concessions when it comes to messaging non-Apple phones like making Android users’ media lower quality when sent via messages.

So, Nothing sought to create a method of bypassing Apple’s hold in the area that’d give Android users access to it. However, the way in which they went about getting around Apple’s identification raised some security concerns. Though Nothing has yet to address those concerns, they removed the app from the store a short time after launch.


Nothing pulls iMessage app amid ongoing security concerns

MKBHD explained these security concerns in detail, but the gist is that Nothing and Sunbird’s workaround involves Sunbird storing data on a Firebase server. As a result, the data could be up for grabs if someone is able to get ahold of the token to log into the Mac connected to the server that makes the app’s workaround function.


Users have discovered a short line of code that can be used to download user data en masse from the Firebase server managing all…

Source…

Android VPNs to get audit badges in Google Play Store if they aren’t comically crap • The Register


Google wants to help Android users find more trustworthy VPN apps through better badging alerting to independent audits.

The ad impresario and cloud concession has afforded independently audited applications in its Play store a more prominent display of their security bona fides, specifically a banner atop their Google Play page.

VPN apps are the first to receive this special treatment, explained Nataliya Stanetsky, from Google’s Android Security and Privacy Team, in an announcement, because they handle significant amounts of sensitive data. And they’re thus a popular target for subversion by miscreants.

“When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the ‘Independent security review’ badge in the Data Safety Section,” said Stanetsky.

Last year, Google’s partnership with the App Defense Alliance (ADA), launched in 2019, was expanded to include the Mobile App Security Assessment (MASA), a way to check Android apps to ensure they comply with a security standard defined by OWASP.

It’s not a particularly thorough audit. As the ADA’s website states, “MASA is intended to provide more transparency into the app’s security architecture, however the limited nature of testing does not guarantee complete safety of the application.”

The ADA also advises that MASA does not necessarily check app developers’ safety declarations. Obviously the alliance doesn’t want to be blamed if it misses something and an info-stealing app slips by, but the group’s MASA endorsement counts for something.

MASA looks for obvious bad practices, like whether sensitive data gets written to application log files and whether the app reuses cryptographic keys for multiple purposes, among its many checks. It’s safe to say you’re better off with apps that avoid such missteps, even if it’s not safe to say they’re guaranteed to be secure.

At least if MASA misses, the Android ecosystem has other security measures in place. As Google proudly proclaims, it tries to protect against PHAs and MUwS – potentially harmful applications and mobile unwanted software, in case your gibberish translator is down. It does so through static and dynamic risk…

Source…