Security News

Google Play to require privacy labels on apps in 2022, almost two years after Apple
2021-05-07 02:57

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings. The data-harvesting ad giant on Thursday detailed plans to create a "Safety section in Google Play" that it says "Will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security."

Google Play Store to add privacy information for all Android apps
2021-05-06 16:00

Google announced the introduction of a privacy information section on the entries of Android applications listed in its Google Play Store digital distribution service starting with Q1 2022. "Today, we're pre-announcing an upcoming safety section in Google Play that will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security," Suzanne Frey, Product VP for Android Security and Privacy, said.

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store
2021-04-22 05:33

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform.

BRATA Malware Poses as Android Security Scanners on Google Play Store
2021-04-13 00:19

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.

Fake Netflix App on Google Play Spreads Malware Via WhatsApp
2021-04-07 16:47

Malware disguised as a Netflix app, lurking on the Google Play store, spread through WhatsApp messages, researchers have discovered. According to a Check Point Research analysis released on Wednesday, the malware masqueraded as an app called "FlixOnline," which advertised via WhatsApp messages promising "2 Months of Netflix Premium Free Anywhere in the World for 60 days." But once installed, the malware sets about stealing data and credentials.

WhatsApp-based wormable Android malware spotted on the Google Play Store
2021-04-07 03:36

Cybersecurity researchers have discovered yet another piece of wormable Android malware-but this time downloadable directly from the official Google Play Store-that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a payload received from a command-and-control server.

Google Play Harbors Malware-Laced Apps Delivering Spy Trojans
2021-03-09 16:44

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.

9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware
2021-03-09 03:13

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the evaluation period successfully, and changes the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT," Check Point researchers Aviran Hazum, Bohdan Melnykov, and Israel Wernik said in a write-up published today.

Google Play Boots Barcode Scanner App After Ad Explosion
2021-02-09 22:31

A barcode scanner app, with over 10 million downloads, was booted from the Google Play marketplace after users began to complain of mobile-ad overload. The makers of the app, called Barcode Scanner, intentionally altered the code of the app via an update turning it from a benign app to adware, according to researchers. Tipped by a user, researchers at Malwarebytes explained, the publisher added new heavily obfuscated code to the app that directed the default mobile web browser to launch and serve-up ads - whether the barcode app was active or not.

Android devs: If you're using the Google Play Core Library, update it against this remote file inclusion CVE. Pronto
2020-12-03 15:01

Infosec bods from Check Point have discovered that popular apps are still running outdated versions of Google's Play Core library for Android - versions that contained a remote file inclusion vulnerability. They found that the Play Core Library, an in-app update and streamlining feature offered to Android devs, could be abused to "Add executable modules to any apps using the library".