Spyware Gamed 1.5M Users of Google Play Store

Published: 23/11/2024   Category: security


Malware spoofed file management applications thanks to elevated permissions, enabling exfiltration of sensitive data with no user interaction, researchers find.



Two separate malicious apps loaded with zero-click spyware leading back to China were found lurking in the Google Play store.
Together, the two applications, both tracked to the same developer, affected an estimated 1.5 million users, according to a new security alert from Pradeo. Google removed the apps within hours of being notified, the researchers add.
Most malicious apps rely on the victim actually using them to deliver malware, but these relied on permissions instead, according to Pradeo.
"Often, users install applications they end up not even using," the security alert said. "For most malware, that means the attack is unsuccessful. To overcome that obstacle, File Manager and File Recovery and Data Recovery can, through the advanced permissions they use, induce the restart of the device. This then permits the apps to launch and execute themselves automatically at restart."
Pradeo researcher Roxane Suau explained to Dark Reading that in addition to file manager applications, junk cleaner apps are also often spoofed for malicious purposes because of the elevated permissions required for them to perform their tasks.
Beyond sneaky permissions, the spyware apps misrepresented the amount of data collected, which raises flags about the security controls on applications available in the Google Play store, according to Melissa Bischoping, director at endpoint security research at Tanium.
"Users are often encouraged to place trust in the data privacy and safety reports on an app's page in the store, and this kind of deception undermines trust in all apps, not just the ones analyzed in the Pradeo reporting," Bischoping says. "There are over 3.5 million apps in the store, so it would be a herculean effort to perform deep-dive analysis of how each app complies with its stated privacy and security practices. That said, this type of glaring inaccuracy demonstrates a need for tighter vetting and control over what is published."
The damage these malicious applications can do to enterprises increases dramatically with bring your own device (BYOD) policies in the mix, Bischoping points out.
"A bring your own device policy often results in unmanageability of mobile devices for large organizations," she explains. "Because of this, you cannot control what apps an employee may install or how much access they grant those apps. It's important to weigh the risk/reward of allowing mobile access to corporate data from personal devices."
Enterprise-owned devices should have controls in place to restrict these applications from being downloaded, Mike Parkin, senior technical engineer with Vulcan Cyber, tells Dark Reading.
"With enterprise-owned devices, they should be doing this already," Parkin says. "If they own the device, they have every right to restrict what goes onto it."
For organizations with BYOD policies, imposing restrictions on downloading apps is more difficult, Parkin adds, since the user owns the device and may balk at restrictions. Though it would be appropriate for them to publish their expectations and, when necessary, block infected devices from accessing enterprise assets.
While malicious applications are hardly anything new, John Gallagher, vice president at Viakoo Labs, hopes incidents like these two spyware apps discovered in the Google Play Store will encourage enterprise security teams to take a look at their own policies.
"The ability of an application to have its download numbers inflated, to have more permissions than it needs, and for it to violate personal information policies and laws, are all existing attack vectors," Gallagher says. "These newly discovered threats may push more organizations to screen company-provided devices for such apps, or to monitor their network traffic to detect issues."
