Hacks

Google has published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for the same, Google also advised using an easy-to-implement  security library  available as part of its Jetpack software suite. The open-sourced  Jetpack Security  (aka JetSec) library lets Android app developers easily read and write encrypted files by following  best security practices , including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens. To give a bit of context, Android offers developers  two different ways  to save app data. The first one is app-specific storage, also known as internal storage, where the files are stored in a sandboxed folder meant for a specific app's use and inaccessible t...

Google has banned nearly  600 Android apps  from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines. The company categorizes disruptive ads as "ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of device functions," such as a full-screen ad served when attempting to make a phone call. Although Google didn't name the specific apps in question, many of the apps — which had been installed more than 4.5 billion times — primarily targeted English-speaking users and were mainly from developers based in China, Hong Kong, Singapore, and India, according to  Buzzfeed  News. Highlighting that malicious developers are getting "more savvy in deploying and masking disruptive ads," the company said it has developed new counter mechanisms to detect such behavior. Trouble in Google Play Store This is not the first time adware apps have been removed from the Google Play ...

Google continues to enhance the safety of Google Play with continuous improvements, enhancements, and teams to fight against malicious apps and developers. Google Play Protect is built-in malware protection for Android, it was introduced in the year 2017, aiming to detect malicious apps in the Google Play and off of user’s devices. According to Android Security & Privacy  report  2018, Google blocks more than 3.2 billion malicious apps installation. Starting from October 2018, Google announced a new policy update to limit the apps unnecessarily accessing sensitive information such as SMS and Call Log data. Google Play Protect scans over 100B apps Google Play protects scans more than 100B apps every day and alerts the users about the security measures and the steps that need to be taken. It also notified you if you have installed new or rarely installed apps in the ecosystem when the play protects is enabled it shows the following warning when the malicious ...

Researchers discovered a new type of strange malware that targeting android device, and use the victim’s mobiles to provide fake ratings in Google play store apps for malicious apps. You may have seen reviews in Google Play apps that seem to be talking about something unrelated to the apps. this malware named as Trojan-Dropper.AndroidOS.Shopper.a. give it five stars, while dozens of users rate it as 1 start. Cybercriminals used this trojan to boosting malicious, fake and adware apps and increasing the number of installations. Also, the Trojan will perform various malicious activities such as display advertising messages on the infected device, create shortcuts to ad sites, and perform other actions. Apart from reviewing with fake comments, the malware evades the user’s detection, the installation window is concealed by the app’s “invisible” window.  Shopper.a also enables the AccessibilityService to install the new apps from the 3rd party services. Acc...

Researchers discovered over 100 malicious apps from Google play store that downloaded by more than 4.6 android users around the globe. Most of the malicious apps are commits ad fraud, and the app malicious apps are using the same common code package dubbed “Soraka” ( com.android.sorakalibrary.* ). “GBHackers on Security” reported  several adware incidents  in the past few months, and it’s rapidly growing to exclusively target the Android users to generate millions of dollars revenue. Malware, Spyware, and Adware can accompany them, become a parasite in user’s systems resulting in unnecessary disruptions, and breaches of the personal data in your Android devices. In addition to the Soraka code package, Researchers also discovered, in some of the apps, a variant with similar functionality which we dubbed “Sogo” ( com.android.sogolibrary.* ): Some of The Malicious Apps Activities An app called “ Best Fortune Explorer App ” published under the publisher JavierGent...

Researchers discovered a new Trojan family called “Venus” resides in the Google play store infected at least 285,000 Android users around the world. There are 8 apps involved with the malicious activities in Android user’s device and it is mainly targeting the carrier billing and advertising area. 8 Malicious apps list Threat actors developed these apps to interact with Ads and subscribe the user to premium services without any sort of notification, and it also bypasses the Google Play protect and malware detection system. There are several countries were targeted by this malware campaign including Belgium, France, Germany, Guinea, Morocco, Netherlands, Poland, Portugal, Senegal, Spain, and Tunisia. Malware Infection Process via Malicious App Researchers observed that most of the data consumed by an application called “Quick scanner” which is protected by a library that encrypts and hides files.  According to Evina  research , “The ap...

Anubis banking malware  re-emerges again and the threat actors distributing the malware on Google Play store apps to stealing login credentials to banking apps, e-wallets, and payment cards. Hackers always finding new ways to bypass the Google play store security and distributing malware via Android apps that will act as the first step in an infection routine that fetches the BankBot Anubis mobile banking Trojans via C&C server. Users are frequently get infected once they download and install the malicious apps via google play store, even though play store security inspects all the app that uploaded into Google Play, cybercriminals always implement the sophisticated techniques to evade detection. Researchers found a new downloader in-app store that linked with Anubis banking malware and this campaign contains at least 10 malicious downloaders disguised as various applications. All the Downloader distributed via Android apps can fetch more than 1,000 samp...