Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Android games. Show all posts

Google Removes 22 Malicious Android Apps Exposed by McAfee

Google recently took action against 22 apps that are available on the Google Play Store, which has alarmed Android users. These apps, which have been downloaded over 2.5 million times in total, have been discovered to engage in harmful behavior that compromises users' privacy and severely drains their phone's battery. This disclosure, made by cybersecurity company McAfee, sheds light on the hidden threats that might be present in otherwise innocent programs.

These apps allegedly consumed an inordinate amount of battery life and decreased device performance while secretly running in the background. Users were enticed to install the programs by the way they disguised themselves as various utilities, photo editors, and games. Their genuine intentions, however, were anything but harmless.

Several well-known programs, like 'Photo Blur Studio,' 'Super Smart Cleaner,' and 'Magic Cut Out,' are on the list of prohibited applications. These applications took use of background processes to carry out tasks including sending unwanted adverts, following users without their permission, and even possibly stealing private data. This instance emphasizes the need for caution while downloading apps, especially from sites that might seem reliable, like the Google Play Store.

Google's swift response to remove these malicious apps demonstrates its commitment to ensuring the security and privacy of its users. However, this incident also emphasizes the ongoing challenges faced by app marketplaces in identifying and preventing such threats. While Google employs various security measures to vet apps before they are listed, some malicious software can still evade detection, slipping through the cracks.

As a precautionary measure, users are strongly advised to review the apps currently installed on their Android devices and uninstall any that match the names on the list provided by McAfee. Regularly checking app permissions and reviews can also provide insights into potential privacy concerns.

The convenience of app stores shouldn't take precedence over the necessity of cautious and educated downloading, as this instance offers as a sharp reminder. Users must actively participate in securing their digital life as fraudsters become more skilled. A secure and reliable digital environment will depend on public understanding of cybersecurity issues as well as ongoing efforts from internet behemoths like Google.

Chinese Android Game Developer Exposes Data of Over 1 Million Gamers

 

The Chinese developers of famous Android gaming applications exposed user information via an unprotected server. As per the report shared by vpnMentor's cybersecurity team, headed by Noam Rotem and Ran Locar, identified EskyFun as the owner of a 134GB server exposed and made public online.

Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M are among the Android games developed by EskyFun. 

According to the team on Thursday, the users of the following games were included in the data leak and altogether they have over 1.6 million downloads combined: 
-Rainbow Story: Fantasy MMORPG
-Metamorph M
-Dynasty Heroes: Legends of Samkok u 

According to the researchers, the supposed 365,630,387 records included data from June 2021 onwards, exposing user data gathered on a seven-day rolling basis. 

As per the team, when their software is downloaded and installed, the developers impose aggressive and highly troubling monitoring, analytics, and permissions settings, and as a consequence, the variety of data gathered was considerably more than one would imagine mobile games to need. 

The records constituted IP and IMEI data, device information, phone numbers, the operating system in use, mobile device event logs, whether or not a smartphone was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords, and support requests. 

vpnMentor estimates that up to or more than, one million users' information may have been compromised. 

On July 5, the unprotected server was detected, and EskyFun was approached two days later. However, after receiving no answer, vpnMentor tried again on July 27. 

Due to the continued inaction, the team was forced to contact Hong Kong CERT, and the server was safeguarded on July 28. 

The researchers commented, "Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse."