Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

[upnorth]

Content source

https://www.darkreading.com/attacks-breaches/malicious-apps-millions-downloads-apple-google-app-stores

The threat actors behind a newly discovered malicious advertising app operation have been active since at least 2019, but researchers tracking their evolution report the group has become more sophisticated, expanding beyond its previous Android-specific attacks into the iOS ecosystem.

The latest campaign, according to researchers with Human Security's Satori research team, included 80 Android Apps lurking in the Google Play store and, notably, 9 in the Apple App Store. All together, the team reported the malicious applications were downloaded at least 13 million times. Once downloaded, the malicious applications spoof other apps to rack up digital ad views, play hidden ads the user couldn't see to gain fraudulent views, and even track legitimate ad clicks to hone the group's ability to fake them more convincingly later.

The research team, which flagged the apps for removal from the official stores, calls this latest iteration of the attack group Scylla. The earliest version of the group was called Poseidon, then Charybdis. Scylla is the third wave of attacks from the threat actors, the Human team explained in their report.

Human Security worked with Google and Apple to remove the malicious applications and is continuing to work with advertising software development kit developers to mitigate the campaign's fallout. "These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla," the Human team added. "This is an ongoing attack, and users should consult the list of apps in the report and consider removing them from all devices."

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.

www.darkreading.com

 

[Ink]

The Trojan opens the subscription address in an invisible window, and by injecting JS scripts enters the user’s phone number, taps the required buttons, and enters the confirmation code from a text message. The result is that the user gets a paid subscription without realizing it.

Another notable feature of this Trojan is that it can subscribe not only when the process is protected by a text message code, but also when it is protected by a phone call: in this case the Trojan makes a call to specific number and confirms the subscription.

• The Harly Trojan subscriber in Google Play apps

 

[oldschool]

These articles show why installing only the minimum number of trusted apps that you need is the first best policy.

 

[CyberTech]

Tech giant Meta said it has notified a million Facebook users that their usernames and passwords might have been stolen after downloading one of over 400 malicious Android and iOS smartphone apps.

The apps were discovered in the Google Play Store and Apple's App Store over the course of the last year, posing as popular types of software.

According to Meta, four in 10 of the apps posed as photo editors, while others posed as games, VPNs, health trackers, business applications, flashlight enhancers and other services to trick users into downloading them.

Full article

Facebook users warned: You may have downloaded these password-stealing Android and iOS apps

Hundreds of malicious apps available in Google Play and Apple App Store tricked users into giving away their passwords. Here's what to watch out for.

www.zdnet.com