Security News

A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.

Photos: IRISSCON 2022IRISSCON, the annual cyber crime-themed conference organized by the Irish Reporting and Information Security Service, was held in Dublin, Ireland on Thursday, November 10, 2022. Security "Sampling" puts US federal agencies at riskTitania launched an independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government.

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

Roid users are often advised to get mobile apps from Google Play, the company's official app marketplace, to minimize the possibility of downloading malware. "Distribution through droppers on official stores remains one of the most efficient ways for threat actors to reach a wide and unsuspecting audience. Although other distribution methods are also used depending on cybercriminals targets, resources, and motivation, droppers remain one of the best option on price-efforts-quality ratio, competing with SMiShing," Threat Fabric researchers recently pointed out, after sharing their discovery of several apps on Google Play functioning as droppers for the Sharkbot and Vultur banking trojans.

In brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. Google Play has a history of hosting malicious apps, with perhaps one of the most egregious cases coming to light this past July when 60 apps installed by more than 3.3 million users were taken down due to malware.

At the time of publishing, the apps are still present on Google Play under a developer account called Mobile apps Group, and have a total install count of more than one million. According to a report from Malwarebytes, the same developer was exposed twice in the past for distributing adware on Google Play but it was allowed to continue publishing apps after submitting cleaned versions.

A set of Android malware droppers were found infiltrating the Google Play store to install banking trojans pretending to be app updates. Malware droppers are a challenging category of apps to stop because they do not contain malicious code themselves and thus can more easily pass Google Play reviews when submitted to the store.

Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android. Clicker apps are a special category of adware that loads ads in invisible frames or in the background and clicks them to generate revenue for their operators.

Security researchers have discovered 75 applications on Google Play and another ten on Apple's App Store engaged in ad fraud. The Satori team have informed Google and Apple about their findings and the apps have been removed from the official Android and iOS stores.

A new and upgraded version of the SharkBot malware has returned to Google's Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations. Malware analysts at Cleafy, an Italian online fraud management and prevention company, discovered SharkBot in October 2021.