Showing posts with label Fake Apps.

Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms


A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment scam known as "pig butchering," where fraudsters lure victims into investments by posing as romantic partners or financial advisors.

Victims are manipulated into losing funds, with scammers often requesting additional fees before disappearing with the money.

Group-IB, based in Singapore, noted that the campaign targets victims globally, with reports from regions like Asia-Pacific, Europe, the Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, are labeled under "UniShadowTrade" and have been active since mid-2023, offering promises of quick financial gains.

One app, SBI-INT, even bypassed Apple’s App Store review process, giving it an illusion of legitimacy. The app disguised itself as a tool for algebraic formulas and 3D graphics calculations but was eventually removed from the marketplace.

The app used a technique that checked if the date was before July 22, 2024, and, if so, displayed a fake screen with mathematical formulas. After being taken down, scammers began distributing it via phishing websites for Android and iOS users.

For iOS, downloading the app involved installing a .plist file, requiring users to trust an Enterprise developer profile manually. Once done, the fraudulent app became operational, asking users for their phone number, password, and an invitation code.

After registration, victims went through a six-step process involving identity verification, providing personal details, and agreeing to terms for investments. Scammers then instructed them on which financial instruments to invest in, falsely promising high returns.

When victims tried to withdraw their funds, they were asked to pay additional fees to retrieve their investments, but the funds were instead stolen.

The malware also included a configuration with details about the URL hosting the login page, hidden within the app to avoid detection. One of these URLs was hosted by a legitimate service, TermsFeed, used for generating privacy policies and cookie consent banners.

Group-IB discovered another fake app on the Google Play Store called FINANS INSIGHTS, which had fewer than 5,000 downloads. A second app, FINANS TRADER6, was also linked to the same developer. Both apps targeted countries like Japan, South Korea, Cambodia, Thailand, and Cyprus.

Users are advised to be cautious with links, avoid messages from unknown sources, verify investment platforms, and review apps and their ratings before downloading.

HUMAN Team Shuts Down Major Mobile Ad Fraud Scheme



In a major development, the HUMAN Satori Threat Intelligence and Research Team has successfully dismantled a vast mobile advertising fraud operation known as "Konfety." This scheme, which generated billions of fake ad requests each day, was designed to deceive both users and advertisers on a large scale.

The Konfety scammers used a mobile advertising tool called CaramelAds to carry out their scheme. They created numerous fake apps, which appeared to be ordinary games on the Google Play Store. These apps were actually just a front for the fraud. The core of the scam involved "evil twin" apps—modified versions of CaramelAds that did not follow privacy regulations and were used to show fraudulent ads.

The fraudulent apps were designed to mimic genuine user activity. They displayed unwanted ads, opened websites without user consent, and used various tactics to create the illusion of legitimate traffic. This allowed the scammers to profit from fake ad views and clicks, deceiving both users and advertisers.

Upon discovering the fraud, the HUMAN team quickly implemented measures to block the fraudulent traffic. They flagged suspicious activity and worked with ad networks to stop the scam. In response, the fraudsters tried to shift their operations to other networks not protected by HUMAN, but their efforts were largely thwarted by HUMAN’s protective measures.

Google Play Protect was crucial in identifying and removing the fraudulent apps. Despite its efforts, the scale of the Konfety scheme highlighted the ongoing challenge of preventing such sophisticated scams. Google continues to monitor and protect users from these threats.

HUMAN’s team developed specific detection techniques for the Konfety scam and shared their findings with other security experts. This collaboration led to a significant reduction in fraudulent ad requests and enhanced overall security in digital advertising.

The successful shutdown of the Konfety fraud underscores the value of vigilance and cooperation in the fight against online scams. HUMAN’s ongoing efforts to safeguard the integrity of digital advertising are essential as cybercriminals continue to evolve their tactics, and this case highlights the need for constant vigilance and industry collaboration to maintain a secure online environment.

Threat of Fake Signal and Telegram Apps: Protecting Your Privacy and Security


In today’s digital age, the use of messaging apps has become an integral part of our daily lives. Apps like Signal and Telegram have gained immense popularity due to their focus on privacy and security. 

However, with the rise in popularity of these apps, there has also been an increase in the number of fake apps that pose as extensions or premium versions of these popular messaging platforms. 

In this blog post, we will discuss the recent discovery of fake Signal and Telegram apps that have been found to sneak malware into thousands of Android phones.

The Discovery

Researchers at the cybersecurity firm ESET recently discovered fake apps in the Google and Samsung app stores that posed as extensions or premium versions of the popular messaging platforms Signal and Telegram. 

These malicious apps, called Signal Plus Messenger and FlyGram, were designed to steal user data. When users took certain actions, these fake apps could pull sensitive information from legitimate Signal and Telegram accounts, including call logs, SMS messages, locations and more.

The Implications

By stealing sensitive information from legitimate Signal and Telegram accounts, these malicious apps can compromise the privacy and security of users’ conversations. 

This can lead to identity theft, financial fraud, and other forms of cybercrime. It is therefore important for users to be vigilant when downloading apps from app stores and to only download apps from trusted sources.

Fake ChatGPT Apps may Fraud you out of Your Money


The growing popularity of ChatGPT has given online scammers an opportunity to exploit its users. Numerous bogus apps have been released on the Google Play Store and the Apple App Store as a result of the excitement surrounding this popular chatbot.

Cybersecurity firm Sophos has now alerted users to the case of fake ChatGPT apps. It claims that downloading these apps can be risky, that they have almost no functionality, and that they continually serve advertisements. According to the report, these apps lure unaware users into subscriptions that can cost hundreds of dollars annually.

How Does the Fake ChatGPT App Scam Work? 

Sophos refers to these fake ChatGPT apps as fleeceware, describing them as apps that bombard users with adverts until they give in and purchase a subscription. They are purposefully made to be of little use once the free trial period ends, so that users remove them without realizing they are still obligated to make weekly or monthly payments.

According to the report, five investigated bogus ChatGPT apps with names like "Chat GBT" were available, named so as to deceive users and increase their exposure in the Google Play and App Store rankings. The research also noted that whereas these fake apps charged users from $10 per month to $70 per year, OpenAI's ChatGPT offers its key functionality for free online. Another scam app named Genie lured users into subscribing for $7 weekly or $70 annually, generating $1 million in income over the previous month.

“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception," said Sean Gallagher, principal threat researcher, Sophos. "With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment."

While some of the bogus ChatGPT fleeceware apps have already been tracked down and removed from the app stores, they are expected to resurface. Users are therefore advised to stay cautious of these fake apps and to make sure that the apps they download are legitimate.

Users who have already downloaded these apps are advised to follow the procedure provided by the App Store or Google Play Store for unsubscribing, since merely deleting a bogus app does not cancel the subscription.

Fake Crypto Website: Berkshire Hathaway Issues Warning

Warren Buffett's company Berkshire Hathaway Inc. issued a warning to investors on Friday stating that it is not associated with a fictitious cryptocurrency trading website that uses the Berkshire Hathaway brand.

According to the website's creator, a Texas-based broker was established in 2020 to offer investors the chance to earn a fully passive income through investments in cryptocurrency mining.

It features alleged client endorsements and claims that the broker is licensed in the US, UK, Cyprus, and South Africa, while getting the names of two authorities wrong. Its email format also differs from that of Buffett's company.

Buffett has always been wary of cryptocurrencies; despite a change in the public's opinion of bitcoin, Buffett still would not purchase it. He has a bias to view cryptocurrencies as passive investments that holders purchase with the expectation of long-term price growth.

At the Berkshire Hathaway annual shareholders meeting on Saturday, he said that the asset is not productive and produces nothing measurable.

"The entity that owns this web address has no affiliation with Berkshire Hathaway Inc. or its Chairman and CEO, Warren E. Buffett," according to a statement from Buffett's company, which claimed it learned about the website.

Bitcoin has gained recognition as an investment asset in Western countries, especially during the past year as rates and inflation have increased, and people continue to see great potential for its application as a digital currency in other areas.

"Assets must provide someone with something in order to be valuable. Additionally, just one type of currency is recognized. You can think of all kinds of things; we can even put up Berkshire coins, but at the end of the day, this is money," remarked Warren Buffett, holding up a $20 bill.

Requests for comment from the website's owner were not immediately answered. Recent months have seen increased scrutiny of cryptocurrencies.

After reports that $10 billion in client assets had been transferred from FTX to Bankman-Fried's trading firm Alameda Research, FTX declared bankruptcy and is now under investigation by US authorities.

This Unofficial WhatsApp Android App Caught Stealing Users’ Accounts


Kaspersky researchers discovered 'YoWhatsApp,' an unofficial WhatsApp Android app that steals access keys for users' accounts. Mod apps are promoted as unofficial versions of genuine apps that include features that the official version does not. 

YoWhatsApp is a fully functional messenger that supports extra features such as customising the interface and blocking access to specific chats. The tainted WhatsApp app requests the same permissions as the original messenger app, such as SMS access.

“To use the WhatsApp mod, users need to log in to their account of the legitimate app. However, along with all the new features, users also receive the Triada Trojan. Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app.” reported Kaspersky. 

“Along with the permissions needed for WhatsApp to work properly, this gives them the ability to steal accounts and get money from victims by signing them up for paid subscriptions that they are unaware of.”

This mod installs the Triada Trojan, which is capable of delivering other malicious payloads, issuing paid subscriptions, and even stealing WhatsApp accounts. More than 3,600 users have been targeted in the last two months, according to Kaspersky. The YoWhatsApp Android app was promoted through the official Snaptube app.

The malicious app was also discovered in the popular Vidmate mobile app, which is designed to save and watch YouTube videos. Unlike Snaptube, the malicious build was uploaded to Vidmate's internal store. YoWhatsApp v2.22.11.75 steals WhatsApp keys, enabling threat actors to take over users' accounts, according to Kaspersky researchers.

In 2021, Kaspersky discovered another modified version of WhatsApp for Android that offered additional features but was used to deliver the Triada Trojan. FMWhatsApp 16.80.0 is the modified version.

The experts also discovered the advertisement for a software development kit (SDK), which included a malicious payload downloader. The FMWhatsapp was created to collect unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) as well as the name of the app package in which they are deployed.

To stay protected, the researchers advise:
  • Only install applications from official stores and reliable sources
  • Check which permissions you give installed applications; some of them can be very dangerous
  • Install a reliable mobile antivirus on your smartphone, such as Kaspersky Internet Security for Android, which will detect and prevent possible threats
Kaspersky concluded, “Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources may still fall victim to them. In particular, malware like Triada can steal an IM account, and for example, use it to send unsolicited messages, including malicious spam. The user’s money is also at risk, as the malware can easily set up paid subscriptions for the victim.”


Japanese Payment System Attacked By Fake Security App

A new malware has been observed by the Research team at McAfee Corp. This malware is found to be attacking NTT DOCOMO customers in Japan. 

The malware, distributed via the Google Play Store, pretends to be a legitimate mobile security app, but in reality it is fraud malware designed to steal passwords and abuse a reverse proxy, targeting NTT DOCOMO mobile service customers.

The McAfee Mobile Research team informed Google about the malware. In response, Google has made the application unavailable in the Google Play Store and removed known Google Drive files associated with the malware. In addition, Google Play Protect has alerted affected users by disabling the apps and displaying a warning.

The attackers publish fake apps on the Google Play Store under various developer accounts so that they appear to be legitimate apps. According to a tweet by Yusuke Osumi, a Security Researcher at Yahoo, the attacker lures victims into installing the malware by sending them an SMS message with a Google Play Store link, reportedly sent from overseas, and entices them further with a prompt to update their security software.

In this way, the victim unknowingly installs the fraudulent app from the Google Play Store and ends up with the malware. The malware asks the user for a network password and, cleverly, claims that the password is incorrect so that the user enters it more carefully. Whether or not the password was actually incorrect does not matter: the captured network password can later be used by the attacker for NTT DOCOMO's fee-based services and online payments.

Thereafter, the malware displays a fake ‘Mobile Security’ screen; interestingly, this screen resembles an outdated display of McAfee Mobile Security.

How does the malware function

A native library called ‘libmyapp.so’, written in Golang, is loaded when the app runs. When the library is loaded, it attempts to connect to the C&C servers over a WebSocket. WAMP (Web Application Messaging Protocol) is then used to communicate and to perform Remote Procedure Calls (RPC). Once the connection is established, the malware transmits network information and the victim’s phone number, and registers the client’s RPC procedures so that the server can invoke commands on the device like an agent. When the victim enters their network password, the socket is used to transmit that password to the attacker.

The attacker makes fraudulent purchases using this leaked information. To do so, the RPC command ‘toggle_wifi’ switches the victim’s Wi-Fi connection status, and a reverse proxy is provided to the attacker through ‘connect_to’. This allows the attacker to reach a host behind Network Address Translation (NAT) or a firewall. With the help of the proxy, the attacker can now send requests through the victim’s carrier network.

Along with any other methods the attackers may use, the malware can thus use a reverse proxy to acquire a user’s mobile and network information and implement an agent service over WAMP for fraudulent purposes. Mobile security organizations therefore always advise care when entering a password or confidential information into a lesser-known or suspicious application.
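To make the agent model concrete from the defender's side, here is an added example in Python (not McAfee's code; the captured frames are constructed) that walks WAMP JSON frames from a recorded WebSocket session, correlates REGISTER, REGISTERED and INVOCATION messages so that each server-initiated invocation can be named, and flags the toggle_wifi and connect_to procedures described above as well as a phone number sent in an outbound CALL. The message type codes are those of the WAMP basic profile; the URI prefixes (agent., server.), the sample phone number and the IP address are assumptions made for the sample.

```python
import json
import re

# WAMP basic-profile message type codes (from the WAMP specification).
REGISTER, REGISTERED, CALL, INVOCATION = 64, 65, 48, 68

# Procedure names the write-up attributes to the malware; the suffix match below
# also catches them when they carry a URI prefix such as "agent.toggle_wifi".
SUSPICIOUS_PROCEDURES = {"toggle_wifi", "connect_to"}

# Loose E.164-style pattern used to spot a phone number in outbound CALL arguments.
PHONE_RE = re.compile(r"^\+?\d{10,15}$")


def _is_suspicious(procedure):
    return procedure.rsplit(".", 1)[-1] in SUSPICIOUS_PROCEDURES


def analyse_frames(frames):
    """Correlate REGISTER/REGISTERED/INVOCATION frames and report suspicious RPC use.

    frames: iterable of (direction, raw_json) where direction is "out" (device to
    server) or "in" (server to device). Returns a list of finding dicts.
    """
    pending = {}         # REGISTER request id -> procedure URI (awaiting REGISTERED)
    registrations = {}   # registration id -> procedure URI
    findings = []

    for direction, raw in frames:
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if not isinstance(msg, list) or not msg:
            continue
        code = msg[0]

        if code == REGISTER and direction == "out" and len(msg) >= 4:
            # Device offers a procedure the server may call later.
            pending[msg[1]] = msg[3]

        elif code == REGISTERED and direction == "in" and len(msg) >= 3:
            procedure = pending.pop(msg[1], None)
            if procedure is not None:
                registrations[msg[2]] = procedure
                if _is_suspicious(procedure):
                    findings.append({"kind": "suspicious_registration",
                                     "procedure": procedure,
                                     "registration_id": msg[2]})

        elif code == INVOCATION and direction == "in" and len(msg) >= 3:
            # Server invokes a previously registered procedure on the device.
            procedure = registrations.get(msg[2], "<unknown>")
            args = msg[4] if len(msg) > 4 else []
            if _is_suspicious(procedure):
                findings.append({"kind": "suspicious_invocation",
                                 "procedure": procedure, "args": args})

        elif code == CALL and direction == "out" and len(msg) >= 5:
            # Device calls a server-side procedure; check its arguments for a phone number.
            for arg in msg[4]:
                if isinstance(arg, str) and PHONE_RE.match(arg):
                    findings.append({"kind": "phone_number_exfil",
                                     "procedure": msg[3], "value": arg})

    return findings


# Constructed capture of a device/C&C session, not real traffic.
SAMPLE_FRAMES = [
    ("out", '[64, 1, {}, "agent.toggle_wifi"]'),
    ("in",  '[65, 1, 1001]'),
    ("out", '[64, 2, {}, "agent.connect_to"]'),
    ("in",  '[65, 2, 1002]'),
    ("out", '[48, 3, {}, "server.register_device", ["+819012345678", "docomo"]]'),
    ("in",  '[68, 10, 1002, {}, ["198.51.100.7", 8080]]'),
    ("in",  '[68, 11, 1001, {}, [false]]'),
    ("in",  'not json'),
]


def summarize(frames=SAMPLE_FRAMES):
    """Count findings by kind; handy for a quick verdict on a capture."""
    counts = {}
    for finding in analyse_frames(frames):
        counts[finding["kind"]] = counts.get(finding["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in analyse_frames(SAMPLE_FRAMES):
        print(finding)
    print(summarize())
```

The registration-id correlation is the part worth noting: a WAMP INVOCATION carries only the registration id, so without first pairing each REGISTER request with its REGISTERED reply an analyst cannot tell which procedure the server just triggered on the device.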

A New Regulation Seeks to Secure Non-HIPAA Digital Health Apps


A guideline designed and distributed by several healthcare stakeholder groups strives to secure digital health technologies and mobile health apps, the overwhelming majority of which fall outside of HIPAA regulation. 

The Digital Health Assessment Framework was launched on May 2 by the American College of Physicians, the American Telemedicine Association, and the Organization for the Review of Care and Health Applications. The framework is intended to examine the use of digital health technologies while helping healthcare leaders and patients assess which online health tools to use. Under the Health Insurance Portability and Accountability Act Rules, covered entities must also adopt the necessary administrative, physical, and technical protections to preserve the confidentiality, integrity, and availability of electronic protected health information.

Healthcare data security was never more critical, with cyberattacks on healthcare businesses on the rise and hackers creating extremely complex tools and tactics to attack healthcare firms. Before HIPAA, the healthcare field lacked a universally agreed set of security standards or broad obligations for protecting patient information. At the same time, new technologies were advancing, and the healthcare industry began to rely more heavily on electronic information systems to pay claims, answer eligibility issues, give health information, and perform a variety of other administrative and clinical duties. 

Furthermore, the Office for Civil Rights at the Department of Health and Human Services has enhanced HIPAA Rule enforcement, and settlements with covered businesses for HIPAA Rule violations are being reached at a faster rate than ever before. 

"Digital health technologies can provide safe, effective, and interacting access to personalized health and assistance, as well as more convenient care, improve patient-staff satisfaction and achieve better clinical outcomes," said Ann Mond Johnson, ATA CEO, in a statement. "Our goal is to provide faith that the health and wellness devices reviewed in this framework meet quality, privacy, and clinical assurance criteria in the United States," she added. 

Several health apps share personal information with third parties, leaving them prone to hacks. Over 86 million people in the US use a health or fitness app, which is praised for assisting patients in managing health outside of the doctor's office. HIPAA does not apply to any health app which is not advised for use by a healthcare provider. 

The problem is that the evidence strongly suggests app developers engage in some less-than-transparent methods that compromise patient privacy. A cross-sectional assessment of the top-tier apps for depression and smoking cessation in the US and Australia, published in JAMA in April 2019, found that the majority of health apps share data with third parties, but only a couple disclosed the practice to consumers in their privacy policies.

Only 16 of the evaluated applications mentioned the additional uses for the shared data, even though the majority of the apps were forthright about the primary use of their data.

According to the aforementioned study, nearly half of the apps sent data to a third party yet didn't have a privacy policy. But in more than 80% of cases, data was shared with Google and Facebook for marketing purposes. 

Another study published in the British Medical Journal in March 2019 discovered that the majority of the top 24 health education Android applications in the USA linked user data without explicitly informing users. In 2021, a study conducted by Knight Ink and Approov found that the 30 most popular mHealth apps are highly vulnerable to API hacks, which might result in the exploitation of health data. Only a few app developers were found in violation of the Federal Trade Commission's health breach rule. 

The guideline from ACP, ATA, and ORCHA aims to help the healthcare industry better comprehend product safety. "There has been no clear means to establish if a product is safe to use in a field of 365,000 goods, where the great majority fall outside of existing standards, such as medical device regulations, federal laws, and government counsel," as per the announcement. 

The implementation of digital health, covering condition management, clinical risk assessment, and decision assistance, is hampered by a lack of direction. The guide is a crucial step in identifying and developing digital health technologies which deliver benefits while protecting patient safety, according to ACP President Ryan D. Mire, MD. The guidelines were developed using the clinical expertise of ACP and ATA members, along with ORCHA's app assessment experience.

ACP also launched a pilot test of digital health solutions that were evaluated against the new framework in conjunction with the new framework. Mire hopes that the trial will assist providers to identify the most effective features for recommending high-value digital health technologies to patients and identify potential impediments to extensive digital health adoption.

Alert: Android Users Should Delete These 151 Apps Immediately


A total of 151 scam applications have been identified and deleted from the Google Play Store, but Android users should double-check that none of them is installed.

Avast, a cybersecurity software company, has detected a massive premium SMS fraud running on the official Google Play Store, according to BGR. It's been termed the UltimaSMS campaign by Avast (because the first scam software uncovered during the investigation was Ultima Keyboard 3D Pro), and it's made up of 151 fraudulent applications that have been downloaded over 10.5 million times in over 80 countries. 

Custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games are just some of the applications that are disguised as legitimate tools. However, they all have the same goal in mind: to sign users up for premium SMS services. 

Every app follows the same methodology: The area code and language to use are determined by checking the phone's location, International Mobile Equipment Identity (IMEI), and phone number once it has been installed. Prompts then ask for the user's phone number and, in some instances, their email address. 

This information is then used to sign them up for premium SMS services without the user's knowledge. The charges are typically $40 or more each month, and users may not be aware of them for weeks or months. Once an UltimaSMS app has achieved its objective, it often stops running or advertises more subscription options instead of the promised features. The concern is that the premium subscriptions continue to deduct money from users' accounts even after the app is removed.

Avast compiled a list of all 151 applications involved in the fraud, and every Android user should examine it. Anyone who has any of these applications installed (or has had them installed in the past) should uninstall them immediately.

Anyone who notices unexpected charges should examine their statements and contact their carrier. Users who wish to avoid this sort of fraud in the future should ask their carrier to disable premium SMS options on the account.

New Android Spyware Threat Poses as Antivirus in Japan


Japanese cybersecurity intelligence recently identified the latest advanced mutant of the FakeCop info stealer impersonating a legit privacy service provider Android app by NTT Docomo known as ‘Anshin Security.’ 

In the wake of the attack, other antivirus vendors are on alert, as the spyware harvests a wide range of user data while promising protection against spyware. The fake app offers an anti-virus tool but instead installs malware on the user’s device.

According to the cybersecurity firm Cyble, the spyware is delivered as a malicious APK via phishing links sent by email or SMS that imitate the Japanese company KDDI. The malware was detected by only 22 of 62 AV engines on VirusTotal, which suggests it was developed to stay hidden from many scanners.

The attackers collect confidential user information such as contacts, account information, SMS messages, and the list of installed apps. It does not end there: they can also alter or delete SMS messages in the device database, read device hardware information (IMEI), and send SMS messages without the user’s knowledge.

The app also checks the device for other antivirus software and flags it as malicious. Users are advised to remove the app, keep Google Play Protect enabled and up to date, and avoid clicking on unidentified links.

Security experts suggest that FakeCop may share origins with Flubot and Medusa, since, like those two malware families, it uses the free dynamic DNS service duckdns.org for delivery.

Fake Netflix App Spreads Malware via WhatsApp Messages


Researchers have discovered malware camouflaged as a Netflix application, lurking on the Google Play store and spread through WhatsApp messages. According to a Check Point Research analysis released on Wednesday, the malware took on the appearance of an application called "FlixOnline," which was publicized by means of WhatsApp messages promising "2 Months of Netflix Premium Free Anywhere in the World for 60 days." But once installed, the malware begins stealing information and credentials.

The malware was intended to monitor incoming WhatsApp messages and automatically react to any that the victims get, with the content of the response crafted by the adversaries. The reactions attempted to bait others with the proposal of a free Netflix service, and contained links to a phony Netflix site that phished for credentials and credit card information, analysts said. 

“The app turned out to be a fake service that claims to allow users to view Netflix content from around the world on their mobiles,” according to the analysis. “However, instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor a user’s WhatsApp notifications, sending automatic replies to a user’s incoming messages using content that it receives from a remote server.” Once installed from the Play Store, the FlixOnline application asks for three permissions: screen overlay, ignoring battery optimization, and notification access. Check Point researchers noted that the overlay permission is used by malware to create counterfeit login windows on top of existing applications and steal user credentials.

The malware was additionally able to self-propagate, sending messages to the user’s WhatsApp contacts and groups with links to the phony application. The automated messages read, “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE [Bitly link].”

“The malware’s technique is fairly new and innovative,” Aviran Hazum, manager of Mobile Intelligence at Check Point, said in the analysis. “The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags.”

Sneaky Android adware hides its own icon to avoid removal – find out how to get rid of it!

Security researchers at SophosLabs have discovered 15 apps in the Play Store that contain a manipulative strain of adware. The adware hides its own icon in the launcher, making uninstallation unusually difficult for users, and disguises itself as a harmless system app. More such apps may well be present on the Play Store beyond these 15. Some apps of a similar nature went a step further: they could only be found on the phone’s App Settings page, hidden beneath names and icons that make them appear to be legitimate system apps.

Some people download an app without giving its purpose much thought, and that habit may have led users into inadvertently installing malicious apps such as QR code readers, free calls and messaging apps, phone finders, backup utilities and image editors that have adware embedded in them and serve no purpose other than to generate revenue for the developers by displaying intrusive advertisements. For example, Flash on Calls & Messages (aka Free Calls & Messages) shows a fake error message when launched, telling the user that it is incompatible with the device. The user is then directed to the Google Play Store entry for Google Maps, to mislead them into believing that the Maps app caused the crash, which is not true at all.

On the Google Play Store, most of these camouflaged apps receive negative ratings and reviews that highlight the disappointments and issues faced by users. More than 1.3 million (13 lakh) phones were affected by these malicious apps, according to SophosLabs.

Quoting Andrew Brandt, principal researcher at SophosLabs: "To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text."

"App developers have, for years, embedded ad-code into their apps as a way to help defray the costs of development, but some developers simply use their apps as a borderline-abusive platform solely to launch ads on mobile devices," he added.

How to get rid of adware apps? 

Referencing the advice given by Andrew Brandt: "If you suspect that an app you recently installed is hiding its icon in the app tray, tap Settings (the gear menu) and then Apps & Notifications. The most recently opened apps appear in a list at the top of this page."

"If any of those apps use the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names (‘Back Up,’ ‘Update,’ ‘Time Zone Service’) tap the generic icon and then tap ‘Force Stop’ followed by ‘Uninstall.’ A real system app will have a button named ‘Disable’ instead of ‘Uninstall’ and you don’t need to bother disabling it."

"If several reviews mention specific undesirable behavior, it's likely best to avoid that particular app," he says. 
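The manual check above can be automated for a fleet of devices. The following Python script is an added example (not SophosLabs' code or anything from the post): adware of this kind typically hides from the app drawer by disabling its own MAIN/LAUNCHER activity, so a third-party package that appears in `adb shell pm list packages -3` but not in a launcher-intent query is worth a look, more so when it carries a generic label such as "Back Up". The two command outputs and the label map are constructed samples, and the exact output format of `cmd package query-activities --brief` is an assumption to verify against your own device.

```python
"""
Triage third-party Android packages that have no launcher entry.

Added example, not code from SophosLabs or the post above. Adware of this kind
typically hides from the app drawer by disabling its own MAIN/LAUNCHER activity,
so a third-party package that appears in `pm list packages -3` but not in a
launcher-intent query deserves a look. Both samples below are constructed for
this example, and the exact output format of
`cmd package query-activities --brief` is an assumption; check it on your device.
"""
import re

# Generic names called out in the advice above; a hidden icon plus one of these
# is the strongest signal, but it is a triage hint, not a verdict.
GENERIC_LABELS = {"back up", "update", "time zone service"}

# Constructed sample of `adb shell pm list packages -3` (third-party packages only).
SAMPLE_PM_LIST = """\
package:com.whatsapp
package:com.example.qrscanner.free
package:com.example.backup.service
"""

# Constructed sample of
# `adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`.
# The last package from the list above is absent because it disabled its launcher activity.
SAMPLE_LAUNCHER_QUERY = """\
2 activities found:
  com.whatsapp/.Main
  com.example.qrscanner.free/.MainActivity
"""

# Constructed package -> label map (on a device, take it from `dumpsys package`
# or your device-management inventory).
SAMPLE_LABELS = {
    "com.whatsapp": "WhatsApp",
    "com.example.qrscanner.free": "QR Scanner",
    "com.example.backup.service": "Back Up",
}


def parse_pm_list(text: str) -> set[str]:
    """Package names from `pm list packages` output, one 'package:<name>' per line."""
    return {m.group(1) for m in re.finditer(r"^package:(\S+)$", text, re.M)}


def parse_launcher_query(text: str) -> set[str]:
    """Package names that expose a launcher activity, from the indented 'pkg/cls' lines."""
    return {m.group(1) for m in re.finditer(r"^\s+([\w.]+)/\S+$", text, re.M)}


def find_hidden_packages(pm_list: str, launcher_query: str,
                         labels: dict[str, str]) -> list[dict]:
    """Third-party packages with no launcher entry, generic-labelled ones first."""
    installed = parse_pm_list(pm_list)
    visible = parse_launcher_query(launcher_query)
    findings = []
    for pkg in installed - visible:
        label = labels.get(pkg, "")
        findings.append({
            "package": pkg,
            "label": label,
            "generic_label": label.strip().lower() in GENERIC_LABELS,
        })
    # Hidden icon plus a generic system-like label sorts to the top.
    findings.sort(key=lambda f: (not f["generic_label"], f["package"]))
    return findings


if __name__ == "__main__":
    for f in find_hidden_packages(SAMPLE_PM_LIST, SAMPLE_LAUNCHER_QUERY, SAMPLE_LABELS):
        flag = "  <- generic system-like label" if f["generic_label"] else ""
        print(f"{f['package']:35} label={f['label']!r}{flag}")
```

Feed the script the real output of the two adb commands and expect some false positives: keyboards, widget-only apps and background services legitimately have no launcher activity. Anything that remains suspicious is then handled exactly as the advice above says, Force Stop followed by Uninstall.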

Google Takes Down Around 46 Apps by Chinese Developers from its Play Store

Last week, Google took down around 46 apps by the Chinese developer iHandy from its Play Store. Initially, Google declined to give reasons for the sudden removal of the security, horoscope, selfie, health and antivirus apps, which had been downloaded millions of times.

However, a total of eight apps were still present on Google's Play Store until three more were taken down, as per a Buzzfeed report. The Chinese company, established in 2008, claims almost 180 million monthly active users in more than 200 countries across the globe. iHandy, currently under investigation, is one of the world's largest mobile application developers.

In a conversation with Buzzfeed, iHandy VP Simon Zhu said the takedown came as a surprise: “It is an unexpected action from our point of view. We are trying to find out the reasons. Hope the apps will be back to Play Store as soon as possible.”

Notably, Google has taken down apps made by Chinese developers in the past as well, for various reasons; in this case, the removal was triggered by deceptive and disruptive ads. In August this year, after Trend Micro discovered malware inside certain apps, Google removed a total of 85 apps from its Play Store; most were gaming or photography apps, with more than 8 million downloads between them. The most popular of these infected apps included ‘Super Selfie’, ‘Cos Camera’, ‘One Stroke Line Puzzle’ and ‘Pop Camera’.

For example, the very popular app ‘Sweet Camera - Selfie Beauty Camera, Filters’, which had over 50 million downloads, was also removed, and it is no longer to be found on the Indian Play Store either.

Researchers found that all of these infected apps had been uploaded to the Play Store from different developer accounts and signed with different digital certificates, yet they exhibited the same behaviour and shared similar code.

Referencing the statement given by Google's spokesperson: "Our Google Play developer policies are designed to help create the best experience for users, and we explicitly prohibit deceptive or disruptive ads. When violations are found, we take action."

Google removes 16 apps infected by 'Agent Smith' malware

Every now and then, Android is hit by dangerous malware that puts users and their data at great risk. This time it is a new malware called Agent Smith, and true to its name it is sneaky in what it is designed to do: bombard your phone with ads. Agent Smith also attaches itself to other apps installed on the phone so that the infection persists. The malware was first detected by Check Point, and after Check Point worked with Google, the infected apps were removed from the Google Play Store.

After it was informed of the infection, Google identified and removed 16 apps from the Play Store that are known to be infected by Agent Smith. These apps are no longer available for download from the Play Store and will receive no further updates through it. However, Google can only remove an app from the Play Store; it cannot wipe these apps from an individual's Android phone. Hence, if you have any of the following apps installed on your Android phone, you should uninstall them immediately.

Ludo Master - New Ludo Game 2019 For Free

Sky Warriors: General Attack

Color Phone Flash - Call Screen Theme

Bio Blast - Infinity Battle Shoot virus

Shooting Jet

Photo Projector

Gun Hero - Gunman Game for Free

Cooking Witch

Blockman Go: Free Realms & Mini Games

Crazy Juicer - Hot Knife Hit Game & Juice Blast

Clash of Virus

Angry Virus

Rabbit Temple

Star Range

Kiss Game: Touch Her Heart

Girl Cloth Xray Scan Simulator

However, Agent Smith can cling to other popular apps, which makes it difficult for users to identify which app has been affected. Two of the most popular affected apps in India are WhatsApp, through which it has infected 1.5 crore (15 million) Android phones, and Flipkart.

Over 2,000 malicious apps exists on Play Store

If you thought that the quality-control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year study by the University of Sydney and CSIRO’s Data61 concluded that there are at least 2,040 counterfeit apps on the Google Play Store, over 2,000 of which impersonated popular games and contained malware. The paper documenting the results, ‘A Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps’, was presented at the World Wide Web Conference in California in May.

The study shows that a massive number of apps impersonating popular games are available on the Play Store, including fake versions of Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million Android apps on the Google Play Store and identified a set of potential counterfeits for each of the top 10,000 apps.

Counterfeit apps impersonate popular apps and try to mislead users. “Many counterfeit apps can be identified once installed. However, even a tech-savvy user may struggle to detect them before installation,” the study says.

It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences like financial losses or identity theft,” reads a blog post by the university.

The study also found that 1,565 of the counterfeits asked for at least five dangerous permissions and 1,407 had at least five embedded third-party ad libraries.

To find these counterfeits among the Play Store's apps, the researchers used neural networks to compute similarity embeddings of the apps.
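The study's own detector is a neural embedding model, but two of the signals it reports are easy to check by hand on a single listing: a title that closely resembles a popular app's, and five or more dangerous permissions. The Python below is an added example (not the paper's method or code) that applies exactly those two checks to a decoded AndroidManifest.xml, of the kind apktool produces, and a store title. The manifest, the title and the list of popular titles are constructed for the example; the permission set is Android's runtime "dangerous" protection-level permissions, and the similarity threshold is an assumption.

```python
"""
Added example, not code from the University of Sydney / Data61 study: a two-signal
triage of one Play Store listing, using a decoded AndroidManifest.xml and the
listing's title. The manifest and the popular-title list are constructed;
DANGEROUS_PERMISSIONS is Android's set of runtime permissions at protection
level "dangerous" (the ones that prompt the user), assumed sufficient for triage.
"""
import difflib
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

DANGEROUS_PERMISSIONS = {
    "android.permission." + p for p in (
        "READ_CALENDAR", "WRITE_CALENDAR", "CAMERA", "READ_CONTACTS", "WRITE_CONTACTS",
        "GET_ACCOUNTS", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "RECORD_AUDIO",
        "READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG", "ADD_VOICEMAIL",
        "USE_SIP", "PROCESS_OUTGOING_CALLS", "BODY_SENSORS", "SEND_SMS", "RECEIVE_SMS",
        "READ_SMS", "RECEIVE_WAP_PUSH", "RECEIVE_MMS", "READ_EXTERNAL_STORAGE",
        "WRITE_EXTERNAL_STORAGE",
    )
}

# Constructed manifest of a "Temple Run"-style counterfeit, as apktool would decode it.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.templerun.free">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Temple Run 2 Free"/>
</manifest>
"""

# Constructed stand-in for the study's top-10,000 reference set.
POPULAR_TITLES = ["Temple Run 2", "Hill Climb Racing", "Flow Free", "WhatsApp Messenger"]


def dangerous_permissions(manifest_xml: str) -> list[str]:
    """Dangerous permissions requested in a decoded AndroidManifest.xml, in manifest order."""
    root = ET.fromstring(manifest_xml)
    requested = [el.get(f"{{{ANDROID_NS}}}name", "") for el in root.iter("uses-permission")]
    return [p for p in requested if p in DANGEROUS_PERMISSIONS]


def closest_popular_title(title: str, popular: list[str]) -> tuple[str, float]:
    """Most similar popular title and a 0..1 similarity ratio (case-insensitive)."""
    best, score = "", 0.0
    for candidate in popular:
        ratio = difflib.SequenceMatcher(None, title.lower(), candidate.lower()).ratio()
        if ratio > score:
            best, score = candidate, ratio
    return best, score


def triage(manifest_xml: str, title: str, popular: list[str],
           min_dangerous: int = 5, min_similarity: float = 0.8) -> dict:
    """Flag a listing that both resembles a popular title and asks for many dangerous permissions."""
    perms = dangerous_permissions(manifest_xml)
    match, score = closest_popular_title(title, popular)
    return {
        "title": title,
        "resembles": match,
        "similarity": round(score, 2),
        "dangerous_permissions": perms,
        "suspect": score >= min_similarity and len(perms) >= min_dangerous,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, "Temple Run 2 Free", POPULAR_TITLES))
```

Title similarity alone is a weak signal (legitimate "lite" and regional editions also resemble the original), which is why the study combined icon, text and permission features; treat a hit from this script as a reason to pull the APK and look at its signer and its ad libraries, not as a verdict.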

Google has acknowledged the problem of “malicious apps and developers” in a blog post by Google Play product manager Andrew Ahn on February 13, 2019.

According to Google, the company now removes malicious developers from Play store much faster when compared to previous years. The company says that in 2018 it stopped more malicious apps from entering the store than ever before.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play.”

Indian Internet Companies Suffering Fake App Installations

Companies now spend large sums to make their apps stand out from the rest. Getting somebody to install a mobile app once can be a challenge, but throw in a small incentive and they may be willing to download the app multiple times.

Deepak Abbot, senior vice president at Paytm, India's biggest mobile payments company, says this is a problem they encounter daily, and one that is more rampant on third-party platforms and ad networks outside Facebook and Google.

According to him, some networks lure users into installing an app by offering something unrelated to it, such as cashback or other benefits like recharge packs.

What's more, to avail of such incentives, some users install and uninstall these apps numerous times, using different internet addresses or device IDs each time.

According to the company's official figures, around 20% of Paytm app downloads are fake, meaning users install and delete the app without spending any time in it or making any transaction, which yields no return on the cost incurred to get them to install it.

Indian internet companies are currently seeing a sharp increase in such cases of mobile fraud, even as growing traffic to their mobile platforms and driving app installs have become critical for growth in a hyper-competitive environment.

In a report last year, the US advertising and marketing company TUNE found that fraud related to mobile app installs in India is 1.7 times higher than the worldwide average, with 16.2% of app installs in the country being fraudulent.

“India is the No. 1 country in terms of organic and inorganic app installs but we have seen an 85% increase in fraudulent installs of apps in the last one year,” said Sanjay Trisal, country manager, India, at AppsFlyer, the Tel Aviv-headquartered mobile marketing analytics and attribution firm that works with more than 450 companies here including Shopclues, Paytm and Goibibo. “While the incentive for fraud in terms of parameters such as money made per click is much higher in other markets, India is an attractive country for fraudsters due to the sheer volume of installs.”

The most prevalent mobile frauds in India include:

·       ‘Click fraud’, which pertains to an ad network generating fake clicks;
·       ‘Attribution fraud’, or claiming credit for an app installation even if a user has downloaded the app through organic channels;
·       ‘Device fraud’, wherein multiple installations are claimed from the same device by changing the device’s unique IMEI number using software;
·       ‘IP fraud’, which involves multiple clicks from a blacklisted IP address;
·       ‘Incentive fraud’, wherein users are incentivised to install an app, which doesn’t result in lasting engagement.
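Attribution companies detect these five patterns from the same few fields an attribution SDK already records per install. The Python below is an added example (not code from the article, AppsFlyer or TUNE) that runs such detection logic over a constructed install-attribution log: click-to-install time catches injected and flooded clicks (attribution and click fraud), a blacklist catches IP fraud, repeated installs under one device fingerprint catch device fraud, and zero engagement after install catches incentivised installs. Thresholds, the blacklist and the log format are assumptions to tune per app; the IP addresses are documentation ranges.

```python
"""
Added example, not code from the article, AppsFlyer or TUNE: detection logic for
the five fraud patterns listed above, run over a constructed install-attribution
log. Each row is one claimed install: the ad network claiming it, the device
fingerprint and IP it came from, the click it was attributed to, and what the
user did afterwards. Thresholds and the IP blacklist are assumptions to tune
per app; the IP addresses are documentation ranges.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

BLACKLISTED_IPS = {"203.0.113.9"}     # assumed blacklist
MIN_CTIT_SECONDS = 10                 # click-to-install below this: click injected after the download began
MAX_CTIT_SECONDS = 24 * 3600          # above this: an old flooded click claiming an organic install
MAX_INSTALLS_PER_DEVICE = 1           # key on a fingerprint, not the IMEI alone, which fraudsters rotate

# Constructed log. Columns:
# install_id,network,device_fingerprint,ip,click_ts,install_ts,sessions_7d,uninstalled_24h
SAMPLE_LOG = """\
i1,netA,dev-111,198.51.100.10,2019-03-01T10:00:00,2019-03-01T10:04:30,5,0
i2,netB,dev-222,198.51.100.11,2019-03-01T10:00:00,2019-03-01T10:00:03,4,0
i3,netB,dev-333,198.51.100.12,2019-02-20T09:00:00,2019-03-01T11:00:00,3,0
i4,netC,dev-444,203.0.113.9,2019-03-01T12:00:00,2019-03-01T12:05:00,2,0
i5,netC,dev-555,198.51.100.13,2019-03-01T13:00:00,2019-03-01T13:06:00,0,1
i6,netD,dev-666,198.51.100.14,2019-03-01T14:00:00,2019-03-01T14:03:00,1,0
i7,netD,dev-666,198.51.100.14,2019-03-01T14:10:00,2019-03-01T14:13:00,1,0
i8,netD,dev-777,198.51.100.15,2019-03-01T15:00:00,2019-03-01T15:02:00,6,0
"""


@dataclass
class Install:
    install_id: str
    network: str
    device: str
    ip: str
    click_ts: datetime
    install_ts: datetime
    sessions_7d: int
    uninstalled_24h: bool

    @property
    def ctit_seconds(self) -> float:
        """Click-to-install time, the core attribution-fraud signal."""
        return (self.install_ts - self.click_ts).total_seconds()


def parse_log(text: str) -> list[Install]:
    rows = []
    for line in text.strip().splitlines():
        iid, net, dev, ip, click, inst, sessions, unins = line.split(",")
        rows.append(Install(iid, net, dev, ip, datetime.fromisoformat(click),
                            datetime.fromisoformat(inst), int(sessions), unins == "1"))
    return rows


def classify(installs: list[Install]) -> dict[str, list[str]]:
    """Map install_id -> fraud signals found (an empty list means it looks clean)."""
    per_device = Counter(i.device for i in installs)
    verdicts: dict[str, list[str]] = {}
    for i in installs:
        signals = []
        if i.ctit_seconds < MIN_CTIT_SECONDS:
            signals.append("attribution fraud: click injected seconds before install")
        elif i.ctit_seconds > MAX_CTIT_SECONDS:
            signals.append("click fraud: stale click claiming an organic install")
        if i.ip in BLACKLISTED_IPS:
            signals.append("IP fraud: blacklisted source address")
        if per_device[i.device] > MAX_INSTALLS_PER_DEVICE:
            signals.append("device fraud: repeated installs from one device")
        if i.sessions_7d == 0 or i.uninstalled_24h:
            signals.append("incentive fraud: no engagement after install")
        verdicts[i.install_id] = signals
    return verdicts


def network_fraud_rate(installs: list[Install],
                       verdicts: dict[str, list[str]]) -> dict[str, float]:
    """Share of each network's claimed installs that carry at least one signal."""
    total, flagged = Counter(), Counter()
    for i in installs:
        total[i.network] += 1
        if verdicts[i.install_id]:
            flagged[i.network] += 1
    return {net: round(flagged[net] / total[net], 2) for net in total}


if __name__ == "__main__":
    installs = parse_log(SAMPLE_LOG)
    verdicts = classify(installs)
    for iid, signals in verdicts.items():
        print(iid, "; ".join(signals) or "clean")
    print(network_fraud_rate(installs, verdicts))
```

The per-network rate is what the advertisers quoted later in the article act on when they blacklist a network; a network whose claimed installs are mostly flagged is not worth paying, whatever its volume.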

“Everyone is getting smarter, and the worst part is fraud networks wrongly claiming (an app installation to be)… coming from (their) network. That’s the worst part because I am having to pay for a loyal person (user) whom I actually need not be paying for,” said Pawrush Elavia, director, growth and digital, at music streaming company Saavn.

Although paying ad networks did increase the number of new users for Saavn, some of these users were neither listening to music nor spending time in the app, and that was the point at which Elavia realised they needed to fix it.

Companies are now adopting various strategies to counter the threat, but there is no foolproof solution yet.

Some are investing in building fraud-detection technology, while others are partnering with platforms that specialise in identifying such fraud.

Because of this, Paytm competitor MobiKwik, which had been working with more than 25 ad networks to acquire new customers, has become extremely selective about whom it works with.

“We have blacklisted a few ad networks, although that is not a permanent solution but we’re also working very closely with attribution companies to detect fraud cases early on, while we want our folks to focus on growth,” said Damandeep Singh Soni, head of marketing and growth at MobiKwik.

With paid marketing channels becoming increasingly unreliable, internet companies are also trimming expenditure on paid channels in a big way.

Ad networks say they, too, are engaged in battling fraud as they work both with advertisers and publishers. “All major ad networks are working towards a fraud-free system, where they are challenged by increasingly evolving fraudsters on one hand and insufficient transparency from the marketer on the other,” said Dippak Khurana, CEO of ad network Vserv, which is backed by IDG Ventures India and Maverick Capital Ventures.

The company has engaged independent firms that provide mobile fraud-detection tools. “The challenge in our category is that if we use the push approach, it doesn’t work because then the uninstalls become really, really high. We have moved away from that approach,” said Sneha Roy, head of marketing at online furniture retailer UrbanLadder, which mainly works with Facebook and Google to get former users to install its app again. “We let customers browse through our mobile website and develop some engagement that kind of pushes installs.”

Nevertheless, several internet companies are doing their best to move away from such rabid chasing of new installs and are instead focusing on improving engagement with users.

Android Malware intercepts bank calls and redirects to scammers

There is a new version of the creative FakeBank Android malware that intercepts victims’ calls to their banks and redirects them to scammers.

The trojan is one of the most creative Android malware families on the market. FakeBank operates by fooling customers with fake login screens overlaid on top of legitimate banking apps.

The new version not only lets scammers intercept calls that customers make to their bank, by replacing the dialled number with a special one pre-configured in the malware's configuration file, but also lets them call customers from a special number that shows up on the user's screen as if the bank were calling.

This lets the scammers trick customers into giving away their banking information whenever they want it.

This new variant is currently only active in South Korea, according to a report by Symantec researchers, who have so far found the trojan in 22 apps distributed via social media links and third-party app stores and targeting Korean bank customers.

In the past, the trojan has whitelisted its own process so that it stays active while the phone is in sleep mode, and has used TeamViewer to grant attackers full access to the device.

Spotify warns users using hacked apps to access premium for free

Spotify, the online music streaming service that has only just filed for an initial public offering (IPO) planned for later this month, is now cracking down on users who use unauthorised or modified versions of the Spotify app to access Premium features for free.

These hacked apps allow freeloaders to skip songs indefinitely and enjoy ad-free streaming — features that are only available for premium users.

The free version of Spotify has restrictions such as advertisements, shuffle-only play and limited skips that encourage users to buy Premium. These modified versions of Spotify make Premium redundant by letting users enjoy unrestricted streaming, with the help of installation files that can be downloaded alongside the app.

Spotify is sending an email to users in whose accounts it identifies any “abnormal activity”, warning that future breaches could result in suspension or even termination of their Spotify account.

According to the email, to regain access to their account, a user has to simply uninstall the hacked or modified Spotify app and redownload the official app from Google Play Store.

It has not been revealed how many users rely on these versions to enjoy restriction-free streaming for free. According to figures released by the company in December, the service has more than 159 million users around the world, 88 million of whom are on the free tier.

Considering the company’s current losses, it is not surprising that they are finally addressing the issue.

Lebanon Spyware Uncovered, Steals Data through Fake Messaging Apps

Researchers from non-profit campaign group Electronic Frontier Foundation (EFF) and mobile security group Lookout have together uncovered malware that targets individuals such as military personnel, journalists, lawyers, and activists, using fake apps that look like popular messaging apps like WhatsApp and Signal.

The malware, dubbed “Dark Caracal” by the researchers, targets Android devices; iOS has not been affected by it.

According to their report on Dark Caracal, the malware was traced back to a server in a Lebanese government building, belonging to the Lebanese General Security Directorate in Beirut, which suggests the threat comes from a nation-state.

“We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia,” the report read.

“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying because phones are full of so much data about a person’s day-to-day life,” said EFF Director of Cybersecurity Eva Galperin.

Data stolen through the spyware includes documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.

According to EFF, WhatsApp and Signal themselves have not been compromised, and Google has confirmed that the infected apps were not downloaded from its Play Store. Instead, the attackers use “spearphishing” to get these fake apps onto targets’ phones: a phishing attack that specifically targets an individual using information the attacker has on the victim.

“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin.

Dark Caracal has reportedly been operating since 2012 but had not been tracked down until now, because the many similar attacks happening all over the world were repeatedly misattributed to other cybercrime groups.

This research has shed light on how governments and people are able to spy on individuals all over the world.