Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware

LASER_oneXM

Google's security scans tricked once more

Both SfyLabs and Zscaler researchers point out in separate reports that the malware's operation often fails at various stages, different in each analysis. This led both research teams to believe that this malware is currently still under development.


Nonetheless, the technique is now in the public domain and will no doubt be copied by other Android malware devs and added to their malware arsenals.



Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store.

The apps are named "Earn Real Money Gift Cards" — an app for winning gift cards by installing other apps on your phone — and "Bubble Shooter Wild Life" — a mobile game. Both apps were developed and recently uploaded on the Play Store by the same developer, named Boris Block.

The apps were first spotted by security researchers from SfyLabs, and later by the Zscaler team. Both companies said they informed Google. At the time of writing, both apps are still available on the Play Store, but they still have a low install count, with fewer than 5,000 downloads.

First app ships with a well-known threat
The first app is infected with the BankBot malware, while the second is a "dropper" — a type of malware used to install other malware on the instructions of a remote command-and-control server.

BankBot is a mobile banking trojan that leaked online last December and has been adopted by multiple malware authors. The trojan is notorious for its ability to bypass Google security checks and make it onto the Play Store.

According to Cengiz Han Sahin, co-founder of SfyLabs, this is the seventh wave of BankBot malware that made it on the official Google Play Store.

New malware abuses Accessibility feature in a unique way
The second app includes a never-before-seen malware downloader. Both SfyLabs and Zscaler point out that this malware sample is unique.

The thing that caught their eye is how this second app — Bubble Shooter Wild Life — abuses the Android Accessibility feature.

By now, it's no secret that a large number of recently created malware strains try to trick users into granting access to the Accessibility feature. This is a popular trend in Android malware.
 
