The Google Play Store served as a delivery platform for malware targeting Android devices. The malware repeatedly bypassed Google's defenses.
Kaspersky, a Russian security firm, revealed that it recovered several Google Play apps capable of stealing sensitive data. The malware launches its attack through an advanced backdoor that the hackers distribute through the Play Store.
The security firm named the Phantom Lance hacking campaign as one of the names behind the attack. Kaspersky elaborated that the hackers used the Play Store to hide the malware.
The attack targets Android users from India, Vietnam, Bangladesh, and Indonesia.
At the remote, virtual edition of its annual Security Analyst Summit, the firm shared a few details on how the malware evaded Google's detection. The hackers disguised the malware as a benign version of an app so that it would be accepted.
Once the benign version of the app is accepted, an advanced backdoor capable of stealing data is added to it. Some apps require no permissions during installation, so that users suspect nothing.
Once installed, the app uses code hidden inside an executable file to request permissions. Some of the malware disguised as apps even requests permission at the device's root level.
Alexey Firsh, a researcher at Kaspersky, said the attackers are using the Google Play Store as a trusted source. He added that it is easy for hackers to deliver a link, since users readily trust links coming from Google Play.
In a short period of time, the apps created a backdoor that gave attackers access to collect important data from the infected Android phone.
Hackers can get details such as hardware model, operating system, Android version, and the list of apps currently installed.
Hackers can then execute payloads that collect sensitive information such as call logs, location, and more. Using the gathered data, attackers can escalate their privileges and evade security detection.
Kaspersky suspects that the malware that bypassed the Google Play Store's defenses has been in circulation for years. The firm believes that the attack existed as early as 2015.
When asked about the corrective measures taken in response to the attack, Google answered that it is working to improve its detection capabilities.
In an official statement, a company representative added that Google appreciates the researchers' work and is taking action against the identified apps.