Skip to content

Android

Another malware outbreak in Google’s Play Store

Regular readers (are their any?) will note that I often rail against Google not policing their Good Play Store. Users think that since it has Google’s name on it, it is safe. Not in the least bit. In addition to the fact that the majority of apps have built in spyware, there are even more serious malware laden apps as the following article delineates.

Quote

50 apps get pulled as ExpensiveWall malware runs riot in the store

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory’s code checking system.

The malware was dubbed ExpensiveWall by Check Point security researchers because it was found in the Lovely Wallpaper app. It carries a payload that registers victims for paid online services and sends premium SMS messages from a user’s phone and leaves them to pick up the bill. It was found in 50 apps on the Play Store and downloaded by between 1 million and 4.2 million users.

Once downloaded, the malware asks for permission to access the internet and send and receive SMS messages. It then pings its command and control server with information on the infected handset, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI numbers.

The servers then send the malware a URL, which it opens in an embedded WebView window. It then downloads the attack JavaScript code and begins to clock up bills for the victim. The researchers think the malware came from a software development kit called GTK.

“Check Point notified Google about ExpensiveWall on August 7, 2017, and Google promptly removed the reported samples from its store,” the researchers note. “However, even after the affected Apps were removed, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later.”

It appears that Google missed warnings about the malware infection. The user comments section of at least one of the infected apps was filled with outraged users noting that it was carrying a malicious payload and it appears that the apps were being promoted on Instagram.

Cases of malware infecting Google’s Play Store are becoming depressingly common. Just last month it was banking malware and a botnet controller, in July commercial spyware made it in, advertising spamming code popped up in May (preceded by similar cases in March and April), and there was a ransomware outbreak in January.

By contrast, Apple’s App Store appears to do a much better job at checking code, and malware is a rarity in Cupertino’s app bazaar. While some developers complain that it can take a long time to get code cleared by Apple, at least the firm is protecting its customers by doing a thorough job, although Apple’s small market share also means malware writers tend not to use iOS for their apps.

By contrast, Google’s Bouncer automated code-checking software appears to be very easily fooled. Google advised users to only download apps from its Store, since many third-party marketplaces are riddled with dodgy apps, but that advice is getting increasingly untenable.

It’s clear something’s going to have to change down at the Chocolate Factory to rectify this. A big outbreak of seriously damaging malware could wreak havoc, given Android’s current market share, and permanently link the reputation of the operating system with malware, in the same way as Windows in the 90s and noughties. ®

Google to kill passwords on Android, replace ’em with ‘trust scores’

Quote

Bad idea – basically adds new features for google to identify you, track you, and sell your private info to their empire. Yeah, I need protection from Google, not protection from them.

Google is planning to use “trust scores” to kill off traditional passwords on Android.

The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week.