Google Play apps with 470k installs can log in to your Facebook and Google accounts

by
Dan Goodin
from Ars Technica - All content on (#4Z0SN)
android-malware.jpg

Enlarge (credit: portal gda / flickr)

Researchers on Thursday documented two new malware campaigns targeting Android users.

The first involved nine apps that had been downloaded from Google Play more than 470,000 times. With names such as Speed Clean and Super Clean, the apps masqueraded as utilities for optimizing device performance. Behind the scenes, they connected to servers that could download as many as 3,000 different malware variants on compromised devices. Once installed, the apps could log in to users' Facebook and Google accounts to perform ad fraud. A second, unrelated campaign used cleverly crafted phishing emails to trick users into installing one of the nastiest pieces of malware targeting the Android OS (more about that later).

Not the Play Protect you're looking for

Once installed, the apps posing as optimizer utilities connected to an attacker-controlled server that's capable of downloading other malicious apps that perform a variety of fraudulent tasks, including:

Read 11 remaining paragraphs | Comments

index?i=SY7TjJLNz2o:b_HJlh39QUY:V_sGLiPB index?i=SY7TjJLNz2o:b_HJlh39QUY:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments