Security News

Google has made a concerted effort in recent months to try to eliminate bad apps for its Android mobile platform on the Google Play store-something the company historically has battled. These type of apps have been installed nearly 600 million times on 100 million plus devices, according to a Sophos report, which said it pulled the numbers from Google's own Google Play marketplace.

The treachery lies in the payment model - the fleeceware we identified back in September 2019 didn't charge a fee for the app, but instead sold you a subscription to go along with the app. The app's free, don't forget; it's the subscription that you're being charged for, and Google permits app developers to ask that sort of money.

Google has removed 17,000 Android apps to date from the Play store that have been conduits for the Joker malware - and in an analysis of the code, said that Joker's operators have "At some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." The internet giant said that having three or more active variants of Joker in circulation at the same time using different approaches or targeting different carriers is the norm; and at peak times of activity, up to 23 different apps from the Joker family have been submitted to Play in one day.

Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users. The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone-even if downloaded from the official Google Store store⁠-you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks.

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.

A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones. Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.

Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due to claims that it was being used for government espionage. Despite the app's popularity, it was quickly take down from Google Play and the Apple App Store after a report from the New York Times in December claimed that the app is actually being used by the government of the United Arab Emirates as a spy tool used to track users' conversations and location.

The popular UAE-developed mobile application ToTok has returned to the Google Play Store after it was removed on claims it was being used for government spying, the company said Saturday. Google and Apple removed the app from their online marketplaces last month after The New York Times reported ToTok allowed the UAE government to track the conversations, movements and other details of people who installed it on their phone.

Labeled "StrandHogg," the vulnerability discovered by the mobile security vendor Promon could give hackers access to users' photos, contacts, phone logs, and more.