
Necro Trojan Uses Steganography to Attack 11 Million Devices


The Necro Trojan, which has recently made headlines for its innovative use of steganography, has compromised over 11 million Android devices. This blog delves into the intricacies of this malware, how it works, and its impact on cybersecurity.

Understanding the Necro Trojan

The Necro Trojan, also known as Necro Python, is a versatile and highly adaptive piece of malware. Its primary strength lies in its modular architecture, allowing it to perform various malicious activities. 

These include displaying invisible ads, executing arbitrary code, and subscribing users to premium services without their consent. However, what sets the Necro Trojan apart is its use of steganography—a technique that involves hiding malicious code within seemingly innocuous files, such as images.

The Role of Steganography

Steganography is the ancient practice of concealing hidden messages within other forms of communication. In the digital age, the technique has been repurposed for malicious ends.

The Necro Trojan is a complex, multi-stage Android malware that has managed to infiltrate both Google Play and unofficial app sources, impacting over 11 million devices. It targets popular apps such as Wuta Camera, Max Browser, and modified versions of Spotify, WhatsApp, and Minecraft.

Necro uses advanced evasion techniques, including obfuscation with OLLVM, steganography to conceal payloads in PNG images, and a modular architecture for versatility. The infection process begins with a loader that connects to C2 servers, often utilizing Firebase Remote Config.

The Trojan’s plugins (NProxy, island, web, Happy SDK, Cube SDK, and Tap) perform various tasks, from creating tunnels through victim devices to manipulating ad interactions. Its self-updating capability and use of reflection to integrate privileged WebView instances within processes help it bypass security measures.

How Necro Trojan Impacts Android Devices

The scale of the Necro Trojan’s impact is staggering. With over 11 million Android devices compromised, the malware has demonstrated its ability to spread rapidly and efficiently. 

The consequences for affected users can be severe, ranging from unauthorized financial transactions to significant data breaches. Moreover, the Trojan’s ability to execute arbitrary code means that it can be used to deploy additional malware, further compounding the threat.

MoS Finance Comments on Google's Swift Response in Removing 2,200 Deceptive Loan Apps

 


Over 2,200 fraudulent loan apps were suspended or removed from Google's Play Store between September 2022 and August 2023, according to a written statement issued by the government on Tuesday.

As per a written reply to a Rajya Sabha question, Minister of State for Finance Bhagwat K Karad said the government has been in constant contact with the Reserve Bank of India (RBI) and other regulators and stakeholders to control fraudulent loan apps. 

Based on the information provided by MeitY (Ministry of Electronics and Information Technology), it seems that Google has reviewed about 3,500 to 4,000 loan apps between April 2021 and July 2022 and has suspended or removed over 2,500 of those apps from its Play Store during this period. 

The Reserve Bank of India has issued several regulatory guidelines on digital lending, according to the minister, aimed at strengthening the regulatory framework for digital lending, improving customer protection, and making the digital lending ecosystem a safer and healthier place to operate.

The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has been continuously analysing digital lending apps, he said. Karad revealed that the government has been actively working with regulatory authorities like the Reserve Bank of India to reduce the number of illegal loan apps in the country.

To mitigate vulnerabilities in the Indian financial system, Karad stressed the need for timely action by the Indian government to maintain cybersecurity preparedness. According to him, one of the efforts in this regard was the RBI sharing with MeitY an exclusive list of 442 unique digital lending applications for whitelisting, a list which was also shared with Google.

Over the preceding two and a half years, more than 4,700 fraudulent loan apps have been removed or suspended from the Google Play Store through MeitY's collaboration with the tech giant. According to Karad, the first purge was carried out between April 2021 and July 2022. After that, another 2,200 apps were removed between September 2022 and August 2023.

As per Karad, about 2,500 loan apps were taken down between April 2021 and July 2022. In addition to that, the minister also pointed out that Google has implemented stricter policies regarding the enforcement of loan apps on its Play Store, only allowing those apps that are created by regulated entities or those that are affiliated with them. 

It was also mentioned that, in tandem with the actions above, the RBI has issued regulatory guidelines on digital lending to enhance customer protection in the digital lending ecosystem by strengthening the regulatory framework and fortifying oversight. As part of its efforts to combat cybercrime, the Indian Cybercrime Coordination Centre (I4C), under the Ministry of Home Affairs, is actively monitoring digital lending applications.

A national cybercrime reporting portal and a dedicated helpline number have been established by the union home ministry to give citizens the ability to report cybercrime incidents, including those related to illegal loan apps. 

The government of India and the Reserve Bank of India have undertaken several awareness initiatives, such as social media safety tips, educational handbooks, and campaigns to combat cybercrime, as part of their efforts to raise public awareness. 

According to the minister, the government will maintain vigilance, take regulatory actions, and conduct awareness campaigns, including the electronic banking awareness and training (e-BAAT) programs run by the Reserve Bank of India, to combat cybercrimes, particularly those relating to fraudulent loan apps.

Since JanSamarth launched its portal at the end of last year, more than 1,83,903 beneficiaries have applied for loans via the JanSamarth portal, reaching a total of more than 2,10,000 beneficiaries. In a separate response, Karad reported 7,25 cases of fraud related to UPI during 2022-23. In total, 573 crores were involved in these fraud cases.

17 Risky Apps Threatening Your Smartphone Security

Users of Google Android and Apple iPhone smartphones have recently received a vital warning to immediately remove certain apps from their devices. The programs that were found to be potentially dangerous have been marked as posing serious concerns to the security and privacy of users.

The alarming revelation comes as experts uncover 17 dangerous apps that have infiltrated the Google Play Store and Apple App Store, putting millions of users at risk of malware and other malicious activities. These apps, primarily disguised as loan-related services, have been identified as major culprits in spreading harmful software.

The identified dangerous apps that demand immediate deletion include:

  1. AA Kredit
  2. Amor Cash
  3. GuayabaCash
  4. EasyCredit
  5. Cashwow
  6. CrediBus
  7. FlashLoan
  8. PréstamosCrédito
  9. Préstamos De Crédito-YumiCash
  10. Go Crédito
  11. Instantáneo Préstamo
  12. Cartera grande
  13. Rápido Crédito
  14. Finupp Lending
  15. 4S Cash
  16. TrueNaira
  17. EasyCash

According to a report by Forbes, the identified apps can compromise sensitive information and expose users to financial fraud. Financial Express also emphasizes the severity of the issue, urging users to take prompt action against these potential threats.

Google's Play Store, known for its extensive collection of applications, has been identified as the main distributor of these malicious apps. A study highlights the need for users to exercise caution while downloading apps from the platform. The study emphasizes the importance of app store policies in curbing the distribution of harmful software.

Apple, recognizing the gravity of the situation, has announced its intention to make changes to the App Store policies. In response to the evolving landscape of threats and the increasing sophistication of malicious actors, the tech giant aims to enhance its security measures and protect its user base.

The urgency of the situation cannot be overstated, as the identified apps can potentially compromise personal and financial information. Users must heed the warnings and take immediate action by deleting these apps from their devices.

The recent discovery of harmful programs penetrating well-known app stores serves as a sobering reminder of the constant dangers inherent in the digital world. Users need to prioritize their internet security and stay on the lookout. In an increasingly linked world, it's critical to regularly check installed apps, remain aware of potential threats, and update device security settings.



Google CEO Warns of Potential Security Risks Associated with Sideloading Apps

 

In recent years, sideloading apps, the practice of installing apps from sources outside of official app stores, has gained significant traction. While Android has always embraced this openness, Apple is now facing pressure to follow suit. 

This shift in dynamics is evident in the ongoing legal battle between Google and Epic Games, where Epic Games accuses Google of stifling competition by imposing high fees on app developers.

Google CEO Sundar Pichai has defended Google's stance, citing security concerns associated with sideloading apps. He emphasizes that Google's policies, exemplified by Android's diverse device designs, foster innovation and provide users with choices.

However, Pichai's emphasis on security raises eyebrows, as Android has always been known for its open-source nature and embrace of sideloading. His focus on potential malware infections seems to be a tactic to instill fear among users. In reality, Google's Play Protect feature is only a recent addition for screening sideloaded apps.

Critics argue that sideloading empowers Google with greater control over the apps users can access. While Google maintains that the Play Store provides the highest level of security, a study by Kaspersky Labs contradicts this claim, revealing that over 600 million malicious app downloads occurred from the Google Play Store in 2023 alone.

Apple's staunch opposition to sideloading stems from its desire to retain control over the app distribution process on iPhones. However, both Apple and Google are undoubtedly aware of the 30% commission they charge developers for hosting apps on their respective app stores. This hefty fee has driven companies like Epic Games to explore alternative distribution channels.

The debate over sideloading highlights the growing tension between app developers, app store operators, and users. As the battle for app distribution intensifies, it remains to be seen whether sideloading will become a mainstream practice or remain a niche alternative.

Malware Surge in Google Play: A Threat to Millions

Smartphone users, assuming some degree of security, largely rely on app stores to download software in an era dominated by digital innovations. But new information has revealed an increasingly serious issue: malware has infiltrated the Google Play Store, endangering millions of users.

According to a report by Kaspersky, over 600 million malicious app downloads were recorded in 2023 alone, exposing the vulnerability of one of the world's largest app marketplaces. The malware, often disguised as seemingly harmless applications, has successfully bypassed Google's security protocols, raising questions about the effectiveness of current preventive measures.

The malware threat is not new, but the scale and audacity of recent attacks are alarming. Cybercriminals are exploiting popular and common apps to spread malware, as highlighted in a detailed investigation by The Hindu. By injecting malicious code into seemingly innocuous apps, these cybercriminals trick users into downloading and installing malware unknowingly, leading to potential data breaches, identity theft, and other serious consequences.

Google's response to this issue has come under scrutiny, especially considering its claim to have stringent security measures in place. The tech giant's inadvertent approval of malware-infected apps has been dubbed a "goof-up" by experts. Firstpost reported that Google's failure to detect and remove these malicious apps in a timely manner has allowed them to accumulate a staggering number of downloads.

The implications of this cybersecurity lapse extend beyond individual users to corporations and organizations relying on Google Play Store for distributing enterprise applications. The potential for malware to infiltrate corporate networks through compromised devices is a significant threat that cannot be ignored.

Users and tech businesses alike have a responsibility to put cybersecurity first as we navigate an increasingly digital world. When downloading apps, users should be cautious and watchful, making sure to confirm the legitimacy of the developers and carefully reviewing the permissions of each app. To protect their users, digital companies must simultaneously make investments in stronger security measures, evaluate apps carefully, and take prompt action to eliminate any threats that are found.

The rise in malware within the Google Play Store serves as a stark reminder that no digital platform is immune to cyber threats. It is imperative for the tech industry to collaborate and innovate continuously to stay ahead of cybercriminals, ensuring the safety and security of the ever-expanding digital ecosystem. The onus is on all stakeholders to collectively address this escalating challenge and fortify the defenses of our digital future.

Google Removes 22 Malicious Android Apps Exposed by McAfee

Google recently took action against 22 apps that are available on the Google Play Store, which has alarmed Android users. These apps, which have been downloaded over 2.5 million times in total, have been discovered to engage in harmful behavior that compromises users' privacy and severely drains their phone's battery. This disclosure, made by cybersecurity company McAfee, sheds light on the hidden threats that might be present in otherwise innocent programs.

These apps allegedly consumed an inordinate amount of battery life and decreased device performance while secretly running in the background. Users were enticed to install the programs by the way they disguised themselves as various utilities, photo editors, and games. Their genuine intentions, however, were anything but harmless.

Several well-known programs, like 'Photo Blur Studio,' 'Super Smart Cleaner,' and 'Magic Cut Out,' are on the list of prohibited applications. These applications made use of background processes to carry out tasks including sending unwanted adverts, tracking users without their permission, and even possibly stealing private data. This instance emphasizes the need for caution while downloading apps, especially from sources that might seem reliable, like the Google Play Store.

Google's swift response to remove these malicious apps demonstrates its commitment to ensuring the security and privacy of its users. However, this incident also emphasizes the ongoing challenges faced by app marketplaces in identifying and preventing such threats. While Google employs various security measures to vet apps before they are listed, some malicious software can still evade detection, slipping through the cracks.

As a precautionary measure, users are strongly advised to review the apps currently installed on their Android devices and uninstall any that match the names on the list provided by McAfee. Regularly checking app permissions and reviews can also provide insights into potential privacy concerns.

This incident is a sharp reminder that the convenience of app stores shouldn't take precedence over the necessity of cautious and educated downloading. Users must actively participate in securing their digital life as fraudsters become more skilled. A secure and reliable digital environment will depend on public understanding of cybersecurity issues as well as ongoing efforts from internet behemoths like Google.

Beware of Fake ChatGPT Apps: Android Users at Risk

In recent times, the Google Play Store has become a breeding ground for fraudulent applications that pose a significant risk to Android users. One alarming trend that has come to light involves the proliferation of fake ChatGPT apps. These malicious apps exploit unsuspecting users, gain control over their Android phones, and use their phone numbers for nefarious scams.

Several reports have highlighted the severity of this issue, urging users to exercise caution while downloading such applications. These fake ChatGPT apps are designed to mimic legitimate AI chatbot applications, promising advanced conversational capabilities and personalized interactions. However, behind their seemingly harmless facade lies a web of deceit and malicious intent.

These fake apps employ sophisticated techniques to deceive users and gain access to their personal information. By requesting permissions during installation, such as access to contacts, call logs, and messages, they exploit the trust placed in them by unsuspecting users. Once granted these permissions, the apps can hijack an Android phone, potentially compromising sensitive data and even initiating unauthorized financial transactions.

One major concern associated with these fraudulent apps is their ability to utilize phone numbers for scams. With access to a user's contacts and messages, these apps can initiate fraudulent activities, including spamming contacts, sending phishing messages, and even making unauthorized calls or transactions. This not only puts the user's personal information at risk but also jeopardizes the relationships and trust they have built with their contacts.

To protect themselves from falling victim to such scams, Android users must remain vigilant. Firstly, it is crucial to verify the authenticity of an app before downloading it from the Google Play Store. Users should pay attention to the developer's name, ratings, and reviews. Furthermore, they should carefully review the permissions requested by the app during installation, ensuring they align with the app's intended functionality.

Google also plays a vital role in combating this issue. The company must enhance its app review and verification processes to identify and remove fake applications promptly. Implementing stricter guidelines and employing advanced automated tools can help weed out these fraudulent apps before they reach unsuspecting users.

In addition, user education is paramount. Tech companies and cybersecurity organizations should actively spread awareness about the risks of fake apps and provide guidance on safe app usage. This can include tips on verifying app authenticity, understanding permission requests, and regularly updating and patching devices to protect against vulnerabilities.

As the prevalence of fake ChatGPT apps continues to rise, Android users must remain cautious and informed. By staying vigilant, exercising due diligence, and adopting preventive measures, users can safeguard their personal information and contribute to curbing the proliferation of these fraudulent applications. The battle against fake apps requires a collaborative effort, with users, app stores, and tech companies working together to ensure a safer digital environment for all.

Mozilla Research Lashes Out at Google Over ‘Misleading’ Privacy Labels on Leading Android Apps


An investigation conducted by the Mozilla Foundation into the data safety labels and privacy policies on the Google Play Store has exposed some severe loopholes that enable apps like Twitter, TikTok, and Facebook to give inaccurate or misleading information about how user data is shared.

The study covered the 40 most downloaded Android apps on Google Play, of which 20 were free apps and 20 were paid, and found that nearly 80% of these apps disclose misleading or false information.

The following findings were made by the Mozilla researchers: 

  • 16 of these 40 apps, including Facebook and Minecraft, had significant discrepancies between their data safety forms and privacy policies. 
  • 15 apps received the intermediate rating, i.e. “Need Improvement”, indicating some inconsistencies between the privacy policies and the Data Safety Form. YouTube, Google Maps, Gmail, Twitter, WhatsApp Messenger, and Instagram are some of these applications. 
  • Only six of these 40 apps were granted the “OK” grade. These apps included Candy Crush Saga, Google Play Games, Subway Surfers, Stickman Legends Offline Games, Power Amp Full Version Unlocker, and League of Stickman: 2020 Ninja. 

Google’s Data Privacy Section 

Google apparently launched its data privacy section for the Play Store last year. This section was introduced so that developers provide a “complete and accurate declaration” of the information gathered by their apps by filling out the Google Data Safety Form.

Due to certain vulnerabilities in the safety form's honor-based system, such as ambiguous definitions for "collection" and "sharing," and the failure to require apps to report data shared with "service providers," Mozilla claims that these self-reported privacy labels may not accurately reflect what user data is actually being collected. 

Regarding Google’s Data Safety labels, Jen Caltrider, project lead at Mozilla, says, “Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that[…]Unfortunately, they don’t. Instead, I’m worried they do more harm than good.”

In one instance in the report, Mozilla notes that TikTok and Twitter both state in their Data Safety Forms that they do not share any user data with third parties, despite stating in their respective privacy policies that the data is shared with third parties. “When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties[…]Consumers deserve better. Google must do better,” says Caltrider.

In response to the claim, Google has dismissed Mozilla’s study, deeming its grading system inefficient. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects[…]The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information,” says a Google spokesperson.

Apple has also been criticized for its developer-submitted privacy labels. A 2021 report from The Washington Post indicates that several iOS apps similarly disclose misleading information, along with several other apps falsely claiming that they did not collect, share, or track user data.

To address these issues, Mozilla suggests that both Apple and Google adopt an overall, standardized data privacy system across all of their platforms. Mozilla also urges that major tech firms shoulder more responsibility and take enforcement action against apps that fail to give accurate information about data sharing. “Google Play Store’s misleading Data Safety labels give users a false sense of security[…]It’s time we have honest data safety labels to help us better protect our privacy,” says Caltrider.