For four months, twelve Android applications foiled the Play Store's protections. They made it possible to collect personal data, including banking information, and they were very difficult to detect. Google has removed them.
Twelve of them were slow to be discovered by cybersecurity researchers at ThreatFabric. That is a large number of infected Android applications on the Play Store, and all of them slipped past its security checks. Downloaded more than 300,000 times over four months, they concealed banking Trojans that siphoned off users' passwords and two-factor authentication codes.
Keystrokes were also logged, and the malware took the opportunity to capture screenshots. Applications that appeared harmless, such as a QR code scanner, a PDF creator or a cryptocurrency manager, concealed up to four families of malware. The researchers had great difficulty detecting the malicious payload of these applications, and it is precisely this weak signature that let them slip under the radar of Google's automated detection systems. It should be noted that the payloads were only fetched after the application was installed, in the form of updates from sources other than the Play Store.
Updates to install the malware
The creators of this malware were clever: to avoid drawing attention, the installation of the malicious code was not systematic, and only certain geographical areas were targeted. Likewise, the applications all looked legitimate and had positive reviews. They worked normally and performed the task for which they were designed. The banking Trojan with the most operations is named Anatsa. The other three are called Alien, Hydra and Ermac. All were delivered via a module called Gymdrop. Because it did not systematically fetch the payload, it avoided drawing the attention of security systems.
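The behaviour described above, a store-installed app that only later fetches an APK from outside the store and asks to install it, is something a defender can look for in device telemetry. The script below is an added example written for this article; it is not ThreatFabric's or Google's detection logic. It assumes a constructed newline-delimited JSON event format (install, download and install_request events per package), assumes a small list of trusted update hosts, and uses made-up package names and hosts.

```python
"""Heuristic for the staged-payload dropper pattern: an app installed from the
Play Store that later downloads an APK from a non-store host and then requests
a package installation. Event format, trusted hosts, package names and URLs
below are all constructed for illustration (assumptions, not real telemetry)."""
import json
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts a Play-installed app may legitimately fetch code from (assumed allow-list)
TRUSTED_UPDATE_HOSTS = {"play.googleapis.com", "android.clients.google.com"}
PLAY_STORE_INSTALLER = "com.android.vending"


@dataclass
class Event:
    ts: int
    pkg: str
    kind: str    # "install", "download" or "install_request"
    detail: str  # installer package, download URL, or file to be installed


def parse_events(lines):
    """Parse newline-delimited JSON telemetry into Event objects, oldest first."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        events.append(Event(int(rec["ts"]), rec["pkg"], rec["kind"], rec["detail"]))
    return sorted(events, key=lambda e: e.ts)


def _is_untrusted_apk(url):
    """True when the URL points at an .apk on a host outside the allow-list."""
    parsed = urlparse(url)
    return parsed.path.lower().endswith(".apk") and parsed.hostname not in TRUSTED_UPDATE_HOSTS


def find_dropper_candidates(events):
    """Return {pkg: [reasons]} for packages installed via the Play Store that
    later pulled an APK from an untrusted host; note if an install request followed."""
    by_pkg = {}
    for e in events:
        by_pkg.setdefault(e.pkg, []).append(e)

    findings = {}
    for pkg, evs in by_pkg.items():
        from_play = any(e.kind == "install" and e.detail == PLAY_STORE_INSTALLER for e in evs)
        apk_downloads = [e for e in evs if e.kind == "download" and _is_untrusted_apk(e.detail)]
        if not (from_play and apk_downloads):
            continue
        first_dl = apk_downloads[0]
        reasons = [f"fetched APK outside the store: {first_dl.detail}"]
        if any(e.kind == "install_request" and e.ts > first_dl.ts for e in evs):
            reasons.append("requested package installation after the download")
        findings[pkg] = reasons
    return findings


# Constructed telemetry: one benign app (fetches a data file from a trusted host)
# and one app that behaves like the dropper described in the article.
SAMPLE_LOG = """
{"ts": 100, "pkg": "com.example.qrscan", "kind": "install", "detail": "com.android.vending"}
{"ts": 101, "pkg": "com.example.pdfmaker", "kind": "install", "detail": "com.android.vending"}
{"ts": 200, "pkg": "com.example.pdfmaker", "kind": "download", "detail": "https://play.googleapis.com/assets/fonts.bin"}
{"ts": 300, "pkg": "com.example.qrscan", "kind": "download", "detail": "https://cdn.example-update.invalid/u/update.apk"}
{"ts": 301, "pkg": "com.example.qrscan", "kind": "install_request", "detail": "/data/user/0/com.example.qrscan/cache/update.apk"}
""".strip().splitlines()


def scan_sample():
    """Run the heuristic over the constructed log; only com.example.qrscan is flagged."""
    return find_dropper_candidates(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for pkg, reasons in scan_sample().items():
        print(pkg, "->", "; ".join(reasons))
```

The heuristic deliberately keys on the sequence (store install, then off-store APK fetch, then install request) rather than on any signature of the payload itself, since the article's point is that the payload's weak signature is exactly what defeated static scanning.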
Just last week, nine million smartphones were infected by an application on Huawei's AppGallery; malware detection remains one of the main concerns for application stores, and especially for Google. Over the past ten years, many infected applications have found their way into the Play Store. They are removed as soon as they are detected, but, as this example shows, despite advanced protection systems, hackers are always one step ahead of them.