Security News

The actors have set up a page that looks very close to Android's official Google Play app store to trick visitors into thinking they are installing the app from a trustworthy service. The malware pretends to be the official banking app for Itaú Unibanco and features the same icon as the legitimate app.

The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. Joker apps subscribe victims to unwanted, paid premium services controlled by the attackers - a type of billing fraud that researchers categorize as "Fleeceware." Often, the victim is none the wiser until the mobile bill arrives.

Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a series of tricks to bypass the app store's restrictions, evade automatic detection, and trick users into believing the apps they downloaded are legitimate and innocuous.

Malware campaigns distributing Android trojans that steals online bank credentials have infected almost 300,000 devices through malicious apps pushed via Google's Play Store. The Android banking trojans delivered onto compromised devices attempt to steal users' credentials when they log in to an online banking or cryptocurrency apps.

Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace. Researchers from Threat Fabric reported that these threat groups have honed their ability to use Google Play to propagate banking trojans by shrinking the footprint of their dropper apps, eliminating the number of permissions they ask for, boosting the overall quality of the attack with better code and standing up convincing companion websites.

Two Android apps available on the Google Play store have been found to contain malware this week. Smart TV remote app packs 'Joker' malware.

Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. "By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware - steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances."

An Android app sitting on the Google Play store touts itself to be a photo editor app. Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with the sign-in with Facebook functionality.

It's possible to track someone's user location via Google Play sign-ins, a researcher has discovered - a potential stalker avenue that, so far, the internet behemoth has yet to address. In short: Arntz logged into his Google Play account from his wife's phone, in order to pay for an app that that she wanted to install.

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. Two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic - Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards - Cloud Based Mining System cost $5.99.