Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
The threat actors behind a newly discovered malicious advertising app operation have been active since at least 2019, but researchers tracking their evolution report the group has become more sophisticated, expanding beyond its previous Android-specific attacks into the iOS ecosystem.

The latest campaign, according to researchers with Human Security's Satori research team, included 80 Android Apps lurking in the Google Play store and, notably, 9 in the Apple App Store. All together, the team reported the malicious applications were downloaded at least 13 million times. Once downloaded, the malicious applications spoof other apps to rack up digital ad views, play hidden ads the user couldn't see to gain fraudulent views, and even track legitimate ad clicks to hone the group's ability to fake them more convincingly later.
The research team, which flagged the apps for removal from the official stores, calls this latest iteration of the attack group Scylla. The earliest version of the group was called Poseidon, then Charybdis. Scylla is the third wave of attacks from the threat actors, the Human team explained in their report.
Human Security worked with Google and Apple to remove the malicious applications and is continuing to work with advertising software development kit developers to mitigate the campaign's fallout. "These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla," the Human team added. "This is an ongoing attack, and users should consult the list of apps in the report and consider removing them from all devices."
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
The Trojan opens the subscription address in an invisible window, and by injecting JS scripts enters the user’s phone number, taps the required buttons, and enters the confirmation code from a text message. The result is that the user gets a paid subscription without realizing it.

Another notable feature of this Trojan is that it can subscribe not only when the process is protected by a text message code, but also when it is protected by a phone call: in this case the Trojan makes a call to specific number and confirms the subscription.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Tech giant Meta said it has notified a million Facebook users that their usernames and passwords might have been stolen after downloading one of over 400 malicious Android and iOS smartphone apps.

The apps were discovered in the Google Play Store and Apple's App Store over the course of the last year, posing as popular types of software.

According to Meta, four in 10 of the apps posed as photo editors, while others posed as games, VPNs, health trackers, business applications, flashlight enhancers and other services to trick users into downloading them.

Full article
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top