Google Play apps downloaded 300,000 times stole bank credentials

by Dan Goodin, from Ars Technica
Researchers said they've discovered a batch of apps downloaded from Google Play more than 300,000 times before the apps were revealed to be banking trojans that surreptitiously siphoned user passwords and two-factor authentication codes, logged keystrokes, and took screenshots.

The apps, posing as QR scanners, PDF scanners, and cryptocurrency wallets, belonged to four separate Android malware families that were distributed over four months. They used several tricks to sidestep restrictions that Google has devised in an attempt to rein in the unending distribution of fraudulent apps in its official marketplace. Those limitations include restricting the use of accessibility services for sight-impaired users to prevent the automatic installation of apps without user consent.

Small footprint

"What makes these Google Play distribution campaigns very difficult to detect from an automation (sandbox) and machine learning perspective is that dropper apps all have a very small malicious footprint," researchers from mobile security company ThreatFabric wrote in a post. "This small footprint is a (direct) consequence of the permission restrictions enforced by Google Play."
