WARNING — Malware Found in CamScanner Android App With 100+ Million Users

By: Swati Khandelwal

Beware! Attackers can remotely hijack your Android device and steal data stored on it if you are using the free version of CamScanner, a highly popular phone PDF creator app with more than 100 million downloads on Google Play Store.

So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store.

Unfortunately, CamScanner has recently gone rogue as researchers found a hidden Trojan Dropper module within the app that could allow remote attackers to secretly download and install malicious programs on users’ Android devices without their knowledge.

However, the malicious module doesn’t actually reside in the code of the CamScanner Android app itself; instead, it is part of a 3rd-party advertising library that was recently introduced in the PDF creator app.

Discovered by Kaspersky security researchers, the issue came to light after many CamScanner users spotted suspicious behavior and posted negative reviews on Google Play Store over the past few months, indicating the presence of an unwanted feature.

“It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser,” the researchers said.

The analysis of the malicious Trojan Dropper module revealed that the same component was also previously observed in some apps pre-installed on Chinese smartphones.

“The module extracts and runs another malicious module from an encrypted file included in the app’s resources,” researchers warned.

“As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.”

Kaspersky researchers reported their findings to Google, which promptly removed the CamScanner app from its Play Store, but they say “it looks like app developers got rid of the malicious code with the latest update of CamScanner.”

More: https://thehackernews.com/2019/08/android-camscanner-malware.html

85 Malicious Google Play Apps Were Downloaded More Than 8 Million Times

By: TI Inside Online

Trend Micro has identified a new adware family on Google Play. Detected as AndroidOS_Hidenad.HRXH, the fake apps posed as photography and gaming apps. Beyond the typical adware methods, which consist of displaying ads that are hard or impossible to close, this threat uses unique techniques to evade detection through triggers based on time and on user behavior.

In total, the 85 malicious Google Play apps were downloaded more than eight million times. They posed as gaming and photography apps and used advanced evasion techniques. After download, the threat waited more than 30 minutes before acting and then hid the app’s icon, preventing the app from being uninstalled by dragging its icon to the “uninstall” section of the screen.

Although the apps do provide the real functionality of the applications they pose as, the ads are shown full-screen, forcing users to watch the entire ad before they can close it or return to the app itself. In addition, the frequency with which the ads are displayed can be configured remotely by the fraudster, which could increase the annoyance to users.

More: https://tiinside.com.br/tiinside/seguranca/mercado-seguranca/20/08/2019

Apps Classified as Malware Remain on Google Play for an Average of 51 Days

By: ESET Portugal Blog

A study on Android security carried out in the first half of 2019 states that 2% of the apps removed from Google Play are considered malware and that they remain in the store for up to 138 days.

The study conducted by ElevenPath on the state of security in the first half of 2019 analyzes Android security and notes that, during this first half, a total of 44,782 apps were removed from Google’s official store. As part of the study, a set of 5,000 apps was analyzed as a sample, of which a total of 115 were classified as malicious.

Extrapolating from these numbers, they concluded that about 2% of the apps removed from Google Play during the first half of 2019 were considered malware.

The study also analyzed how long these malicious apps stayed on Google Play and found that they were available for download for an average of 51 days before being removed, in some cases remaining for as long as 138 days.

Although security experts recommend downloading apps only from official sites, given the possibility of picking up malware from low-reputation sites and platforms, reality also shows that, as we have reported on other occasions, many malicious apps slip past the security filters of Google’s official store (as well as Apple’s) and remain available for download until they are detected and removed. Although this is an undeniable reality and speaks to the difficulties that a giant like Google faces in applying filters to determine an app’s safety before making it available in its official store, this does not mean that it is not still safer to download an app from Google Play or the App Store than from unofficial stores whose filters are even weaker.

ESET security researcher Lukas Stefanko stated that “several investigations have shown, on various occasions, that Google Play’s protection systems are not impregnable. But, although it is not as secure as a military base, it does a good job of fighting those dangerous apps and, when it detects them, removes them, even preventing developers whose accounts were banned from creating new accounts and continuing to publish malicious apps.”

More: https://blog.eset.pt/2019/07/aplicacoes-consideradas-malware-permanecem-no-google-play-em-media-51-dias/

Avast Finds Spying Apps on Google Play

By: Henrique Medeiros

Avast issued another alert this Thursday, the 18th, about apps used to digitally spy on users. Seven apps with these functions were identified on Google Play. They are: Track Employees, Check Work Phone Online Spy Free, Spy Kids Tracker, Phone Cell Tracker, Mobile Tracking, Spy Tracker, SMS Tracker and Employee Work Spy.

To run the apps, the stalker must have access to the smartphone. With the victim’s phone in hand, the stalker must download and install the spying app from Google Play. Next, they must enter an e-mail address and create a password, and can then start tracking the victim’s movements.

According to Nikolaos Chrysaidos, head of mobile threat intelligence and security at the company, the apps collect information from the contact list, SMS message data, location, and messages exchanged on WhatsApp and Viber, and can also view the phone call history.

More: https://www.mobiletime.com.br/noticias/18/07/2019/avast-localiza-apps-de-espionagem-na-google-play/

25 Million Android Phones Infected With Malware That ‘Hides In WhatsApp’

By: Thomas Brewster

As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up adverts, cybersecurity researchers warned Wednesday.

Dubbed Agent Smith, the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority, Israeli security company Check Point said.

Most victims are based in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google’s operating system in recent memory.

The malware has spread via a third-party app store, 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the hackers’ success in the U.S. and the U.K. more remarkable, Check Point said.

Whilst the replaced apps will serve up malicious ads, whoever’s behind the hacks could do worse, Check Point warned in a blog. “Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” the researchers wrote.

They said they’d warned Google and the relevant law enforcement agencies. Google hadn’t provided comment at the time of publication.

More: https://www.forbes.com/sites/thomasbrewster/2019/07/10/25-million-android-phones-infected-with-malware-that-hides-in-whatsapp/#1df131a94470

Hundreds of Thousands Download Spyware from Google Play

By: Ionut Arghire

Hundreds of thousands of users ended up with spyware on their devices after downloading seemingly legitimate applications from Google Play, Trend Micro security researchers have discovered. 

Detected as MobSTSPY, the malware, which can gather various information from the victims, isn’t new. For distribution, its operators chose to masquerade the threat as legitimate Android applications and submit them to Google Play.

Trend Micro discovered a total of six such applications, including FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher, Flappy Bird, and Flappy Birr Dog. Available for download in Google Play in 2018, some of these were downloaded over 100,000 times by users from all over the world.

Once one of these applications has been installed on the victim’s device, the spyware can proceed to steal information such as SMS conversations, call logs, user location, and clipboard items. The malware sends the collected information to the attacker’s server using Firebase Cloud Messaging.

Upon initial execution, the malware checks the device’s network availability, after which it reads and parses an XML configuration file from its command and control (C&C) server. Next, it collects information such as language used on the device, registered country, package name, manufacturer, etc.

The information is then sent to the C&C server for registration purposes. After this step has been completed, the malware waits for the server to send over commands to execute.

Based on the received commands, the spyware can not only steal SMS messages and call logs, but can also retrieve contact lists and files found on the device.

The malware can also perform a phishing attack to gather credentials from the infected device, the security researchers discovered. It can display fake Facebook and Google pop-ups, thus tricking the user into revealing their account details.

After the user provides the credentials, a fake pop-up informs them the log-in was unsuccessful, but at this point the malware has already stolen the credentials.

“Part of what makes this case interesting is how widely its applications have been

More: https://www.securityweek.com/hundreds-thousands-download-spyware-google-play

Warning Over Fake Cybersecurity Apps on Google Play

By: Tecnósfera

Researchers at Eset Latinoamérica identified 35 fake cybersecurity apps in the Google Play store that promised to detect malicious files but only served to display unwanted advertising.

According to the company, the risk of downloading this kind of tool is that, because they merely imitate basic cybersecurity functions, malicious apps may be detected as legitimate, which leaves users exposed to real risks.

Camilo Gutiérrez, head of the ESET Latinoamérica Research Laboratory, points out that “although these fake security apps do not have the functionality of threats such as ransomware or other types of malware, they display annoying advertising, produce detections that turn out to be false positives and give users a false sense of security, which means that millions of unwary people can easily end up downloading real malicious code disguised in a similar way.”

The analyses also showed that most of the apps did not deliver the functions they promised and that the security measures taken to protect user information were not effective enough. For example, they offered the option of setting a password or unlock pattern to supposedly give the user an additional layer of security.

However, Gutiérrez notes that “the main problem is that the important information is not stored securely on the device. Instead of using encryption, which is good practice, these apps store the names of the locked apps and the passwords to unlock them in plain text.”

More: http://m.eltiempo.com/amp/tecnosfera/apps/falsas-aplicaciones-de-ciberseguridad-en-google-play-207582

Fake Cryptocurrency Trading Apps Harvest Credentials and Steal Cash

By: sikur

Tara Seals

23 OCT 2017

Hackers are targeting users of the cryptocurrency exchange Poloniex, with two credential-stealing apps that masquerade as official mobile apps for the service.

ESET researchers discovered them on Google Play, built to not only harvest Poloniex login credentials, but also to trick victims into making their Gmail accounts accessible.

“Poloniex is one of the world’s leading cryptocurrency exchanges with more than 100 cryptocurrencies in which to buy and trade,” the researchers said, in a blog. “With all the hype around cryptocurrencies, cyber-criminals are trying to grab whatever new opportunity they can—be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.”

Both apps work the same way: First, they display a bogus screen requesting Poloniex login credentials, which are then sent on to the attackers. With the logins in hand, attackers can carry out transactions on the user’s behalf, change their settings or even lock them out of their account by changing their password.

The next step is a prompt, seemingly on behalf of Google, asking them to sign in with their Google account “for two-step security check.” The apps then ask for permission to view the user’s email messages and settings, and basic profile info. If the user grants the permissions, the app gains access to their inbox.

MORE: https://www.infosecurity-magazine.com/news/fake-cryptocurrency-trading-apps/
