Covering malware trends in 2018, in its annual Android security report, Google has revealed that malware installed from Google Play grew by a 100 per cent last year.
Click-fraud apps, also called “adware” accounted for 55 per cent of all Potentially Harmful Applications (PHAs) installed through the Play Store, followed by trojans at 16 per cent, Google said in its report on Monday.
Click-fraud apps mostly targeted users in the USA, Brazil and Mexico.
Previously, Google treated click-fraud apps as a mere Play Store policy violation. The company contends that if it removed click-fraud stats, it would show PHAs installed from the official store declined by 31 per cent year over year, ZdNet reported.
In addition, 28 per cent of malware outside the Play Store were backdoors, while 25 per cent were trojans, 22 per cent were hostile downloads and just 13 per cent were accounted for click-fraud apps.
About PHA installs from outside the Play Store, Google claims Android’s Google Play Protect anti-malware system prevented 1.6 billion PHA installation attempts last year and stopped 73 per cent of PHA installs from outside the store, marking a 20 per cent improvement.
Google attributes the dominance of trojans outside the store to the “Chamois” family of malware, which are often pre-installed on popular Android devices from certain original equipment manufacturers (OEMs).
The backdoor apps mostly targeted Android users in Russia, Brazil, Mexico, and Vietnam, Google said. (IANS)
A new Trojan application is boosting popular shopping app ratings and installations and spreading ads that annoy users and over 14 percent Indians have been affected by this malware dubbed as “Shopper”, researchers from global cybersecurity and anti-virus brand Kaspersky said on Sunday.
The highest share of users infected by “Trojan-Dropper. AndroidOS.Shopper.a” from October to November 2019 was in Russia, with a staggering 28.46 per cent of all users affected by the shopaholic app located in the country. Almost a fifth (18.70 per cent) of infections were in Brazil and 14.23 per cent in India.
“Despite the fact that at the moment, the real danger stemming from this malicious app is limited to unsolicited ads, fake reviews and ratings issued in the name of the victim, no one can guarantee that the creators of this malware will not change their payload to something else,” Igor Golovin, Malware Analyst at Kaspersky, said in a statement.
For now, the focus of this malicious app is on retail, but its capabilities enable attackers to spread fake information via users’ social media accounts and other platforms.
The Trojan, dubbed “Shopper”, first drew the attention of researchers following its extensive obfuscation and use of the Google Accessibility Service.
The service enables users to set a voice to read out app content and automate interaction with the user interface — designed to help people with disabilities. However, in the hands of attackers this feature presents a serious threat to the device owner.
“The malware could automatically share videos containing whatever the operators behind Shopper would want on personal pages of users accounts and just flood the internet with unreliable information,” added GOlovin.
According to the researchers, once the Trojan has the permission to use the service, it can gain almost unlimited opportunities to interact with the system interface and applications. It can capture data featured on the screen, press buttons and even emulate user gestures.
It is not known yet how the malicious application is being spread, however, researchers at Kaspersky assume that it may be downloaded by device owners from fraudulent ads or third-party app stores while trying to get a legitimate application.
Surprisingly, the app masks itself as a system application and uses a system icon named “ConfigAPKs” in order to hide itself from the user.
After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server returns the commands for the application to execute.
Notably, depending on the commands, the app can use a device owner’s Google or Facebook account to register on popular shopping and entertainment such as AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba, leave application reviews in Google Play on behalf of the device owner, check the rights to use the Accessibility Service and if permission is not granted, it sends a phishing request for them.
The app can also turn off Google Play Protect — a feature that runs a safety check on apps from the Google Play Store before they are downloaded, and open links received from the remote server in an invisible window and hide itself from the app menu after a number of screens are unblocked. (IANS)