
North Korean Spyware Disguised as Android Apps Found on Google Play

 

Researchers have discovered at least five Android apps on Google Play that secretly function as spyware for the North Korean government. Despite passing Google Play’s security checks, these apps collect personal data from users without their knowledge. The malware, dubbed KoSpy by security firm Lookout, is embedded in utility apps that claim to assist with file management, software updates, and even device security. 

However, instead of providing real benefits, these apps function as surveillance tools, gathering a range of sensitive information. KoSpy-infected apps can collect SMS messages, call logs, location data, files, nearby audio, keystrokes, Wi-Fi details, and installed apps. Additionally, they can take screenshots and record users’ screens, potentially exposing private conversations, banking credentials, and other confidential data. All collected information is sent to servers controlled by North Korean intelligence operatives, raising serious cybersecurity concerns. 

Lookout researchers believe with “medium confidence” that two well-known North Korean advanced persistent threat (APT) groups, APT37 (ScarCruft) and APT43 (Kimsuky), are behind these spyware apps. These groups are known for conducting cyber espionage and targeting individuals in South Korea, the United States, and other countries. The malicious apps have been found in at least two app stores, including Google Play and Apkpure. The affected apps include 휴대폰 관리자 (Phone Manager), File Manager, 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. 

On the surface, these apps appear legitimate, making it difficult for users to identify them as threats. According to Ars Technica, the developer email addresses are standard Gmail accounts, and the privacy policies are hosted on Blogspot, which does not raise immediate suspicions. However, a deeper analysis of the IP addresses linked to these apps reveals connections to North Korean intelligence operations dating back to 2019. These command-and-control servers have been used for previous cyberespionage campaigns. 

Google responded to the findings by stating that the “most recent app sample” was removed from Google Play before any users could download it. While this is reassuring, it highlights the ongoing risk of malicious apps bypassing security measures. Google also emphasized that its Play Protect service can detect certain malicious apps when installed, regardless of the source.  

This case serves as another reminder of the risks associated with installing apps, even from official sources like Google Play. Users should always scrutinize app permissions and avoid installing unnecessary applications. A file manager, for example, should not require access to location data. By staying cautious and using reputable security tools, Android users can better protect their personal information from spyware threats.

How to Spot and Avoid Malicious Spyware Apps on Your Smartphone

 

Spyware apps masquerading as legitimate software are a growing threat on app stores, particularly Google Play. These malicious apps can steal personal data, commit financial fraud, and install malware on unsuspecting users’ devices. A Zscaler report found 200 spyware apps on Google Play in a single year, with over 8 million downloads, highlighting the extent of the issue. 

These apps, often called trojans, execute attacks after installation. They can steal login credentials, inject malware, enable cryptojacking, and even deploy ransomware. While third-party app stores are known for hosting dangerous software, even official platforms like Google Play have security gaps that allow these threats to slip through. Social engineering tactics, such as phishing emails and SMS messages, also contribute to the spread of these fake apps. 

Smartphones are ideal targets for cybercriminals because users store vast amounts of personal information on them. Many people, especially those unfamiliar with app security, struggle to identify spyware. Once installed, these apps can lead to severe consequences, including data breaches, identity theft, and unauthorized financial transactions. Some spyware apps even contain rootkits, allowing hackers to control devices remotely. 

To avoid downloading malicious spyware apps, users should look for warning signs. Fake apps often have distorted logos, grammatical errors in their descriptions, and a lack of official contact information. Checking the number of downloads, reading user reviews for inconsistencies, and monitoring permission requests can also help spot fraudulent apps. If an app requests unnecessary access—such as a calculator app asking for location data—it is likely unsafe. Activating Google Play Protect and avoiding apps that promise unrealistic features can further enhance security. 

The increasing prevalence of spyware is due to rapid technological advancements that make it easier for cybercriminals to steal data. Sophisticated spyware tools like Predator and Pegasus can execute zero-click attacks, meaning users don’t even need to download an app to be compromised. Such spyware has been exploited by criminals and government agencies alike to target journalists, activists, and even businesses. 

Ultimately, online security threats are everywhere, and spyware in app stores is just one part of the problem. Practicing caution, verifying app legitimacy, and understanding the risks can help users stay protected. By staying vigilant and making informed choices, individuals can safeguard their data and minimize the risk of falling victim to spyware attacks.

Tricky Malware Uses Versioning to Outsmart Google Play Store Scanners

In recent developments, threat actors are using a technique known as "versioning" to evade Google Play Store's malware detection mechanisms, posing a significant risk to Android users. This method allows them to specifically target users and compromise their sensitive information, including credentials, data, and finances. Despite being a known tactic, versioning remains challenging to detect, making it a preferred choice for malicious developers. 

In May, cybersecurity firm ESET uncovered a screen recording app called "iRecorder - Screen Recorder." Surprisingly, the app remained undetected for almost a year on the Play Store before malicious modifications were made to enable covert spying on its users. 

SharkBot, a notorious malware family that uses the dynamic code loading (DCL) method, has been consistently resurfacing on the Play Store. This malware disguises itself as security and utility apps to deceive users. Operating as a financial trojan, SharkBot executes unauthorized money transfers from compromised devices through the Automated Transfer Service (ATS) protocol. 

Here's how the versioning technique works: 

Innocent-looking Initial Release: Malicious developers begin by releasing an app's initial version on the Google Play Store, which appears harmless and successfully passes Google's pre-publication security checks. This initial version is designed to avoid detection by security measures. 

Introduction of Malicious Components: Subsequently, the developers push updates to the app. These updates introduce malicious components into the seemingly harmless app. These malicious components are cleverly hidden, allowing the initial version to pass the security checks while carrying hidden threats. 

Attackers' Controlled Servers: The updates containing the harmful code are delivered to users' devices from servers controlled by the attackers. These servers enable the attackers to dynamically load code (Dynamic Code Loading or DCL) onto the devices without raising any suspicion. 

App as a Backdoor: As a result of the malicious updates, the app effectively becomes a dangerous backdoor on the compromised devices. This grants the attackers unauthorized access and control over the compromised devices, enabling them to exploit sensitive information, compromise security, and carry out further malicious activities. 
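As an added example (not code from the original post or from any vendor it cites), the following Python script shows how a defender vetting an app update could flag the pattern described in the versioning steps above together with the permission advice from the KoSpy article: a newly introduced dynamic code loader combined with permissions the app's category should never need. The two manifests, the DEX string lists and the category policy are constructed assumptions for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a harmless-looking "file manager", version 1
# (sample data for this example, not a real app).
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager" android:versionCode="1">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Constructed version 2: the "update" quietly adds surveillance permissions.
MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager" android:versionCode="2">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
</manifest>"""

# Constructed class-descriptor strings as a DEX string table would list them.
# A real review would pull these from classes.dex with a DEX parser.
DEX_STRINGS_V1 = ["Lcom/example/filemanager/MainActivity;", "Ljava/io/File;"]
DEX_STRINGS_V2 = DEX_STRINGS_V1 + [
    "Ldalvik/system/DexClassLoader;",   # loads code that was not in the APK
    "Ljava/net/HttpURLConnection;",
]

# Class loaders that let an app run code fetched after install (DCL).
DCL_INDICATORS = {
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/PathClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
}

# Permissions an app of the given category has no plausible need for.
# The category and its set are assumptions of this example; extend the
# table to match your own review policy.
UNEXPECTED_FOR_CATEGORY = {
    "file_manager": {"READ_SMS", "READ_CALL_LOG", "RECORD_AUDIO",
                     "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
}


def permissions(manifest_xml):
    """Return the short names of all <uses-permission> entries."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter("uses-permission"):
        full = elem.get(f"{{{ANDROID_NS}}}name", "")
        names.add(full.rsplit(".", 1)[-1])
    return names


def review_update(old_manifest, new_manifest, old_strings, new_strings, category):
    """Compare an app update with the installed version and rate the risk:
    "high" = new DCL loader plus permissions the category never needs,
    "medium" = new permissions or a new loader alone, "low" = no change."""
    old_perms, new_perms = permissions(old_manifest), permissions(new_manifest)
    added = new_perms - old_perms
    new_dcl = (set(new_strings) - set(old_strings)) & DCL_INDICATORS
    unexpected = new_perms & UNEXPECTED_FOR_CATEGORY.get(category, set())
    if new_dcl and unexpected:
        risk = "high"
    elif added or new_dcl:
        risk = "medium"
    else:
        risk = "low"
    return {
        "added_permissions": sorted(added),
        "unexpected_permissions": sorted(unexpected),
        "new_dcl_indicators": sorted(new_dcl),
        "risk": risk,
    }


if __name__ == "__main__":
    print(review_update(MANIFEST_V1, MANIFEST_V2,
                        DEX_STRINGS_V1, DEX_STRINGS_V2, "file_manager"))
```

The same comparison works for any pair of APK versions once the permissions and DEX strings are extracted with a real APK parser; a "medium" result is the signal to diff the update by hand before it rolls out to managed devices.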

According to a report from ThreatFabric, cybercriminals have been exploiting an Android bug to make malicious apps appear harmless. They achieve this by "corrupting components of an app" in a way that the app remains valid as a whole. This allows malicious apps to bypass detection and pose a threat to unsuspecting users. 

The Montana Legislature Banned TikTok

 


A bill introduced in Montana would prevent apps like TikTok from being listed for download on app stores such as Google Play and Apple's App Store. The bill has been forwarded to Republican Governor Gianforte for signature. 

TikTok, owned by Chinese investors, continues to be the target of fierce battles. As part of their efforts to address short-form video apps, Montana lawmakers voted on Friday to ban the most popular app from the state. 

Reuters writes that the bill would prevent applications like TikTok from being listed on app stores, like Google Play or Apple's App Store, in Montana. A 54-43 vote in the Montana House of Representatives approved the bill, SB419. Upon signing the bill, Gianforte will ensure it comes into effect in January. Despite the potential for substantial legal challenges, the legislation may still pass. 

However, nothing in the bill makes it illegal for people who already use the app to keep doing so, even once the law is in effect. The bill's original version would have forced internet providers to block TikTok, but that language was removed and is not part of the amended bill. 

With the legislation passed, a state government has taken its first step toward restricting TikTok in response to perceived security concerns. A national ban also appears to be on the cards, as some federal lawmakers have called for an end to the app. 

The bill targeting TikTok outlines the penalties the company could face for each day it violates the law. The same penalties would apply to app stores that violate the law. Users who access TikTok as part of their routine, however, would not be penalized. 

The app has come under significant scrutiny from US legislators in recent months over allegations that TikTok's Chinese owner, ByteDance, puts US users' personal information at risk for marketing purposes. Several lawmakers at the federal and state level have raised concerns about American users' data being shared with the Chinese government. Last month, a congressional committee grilled TikTok CEO Shou Zi Chew on the concerns widely held by the general public about the social media app. 

Numerous claims are being made against TikTok, including accusations of data theft, data mining, piracy, and data collection. However, TikTok has repeatedly denied these claims. To gain respect among US legislators, TikTok poured more than $1 billion into establishing a database where American users' data would be archived exclusively on Oracle's servers.

As acknowledged by its champions, the bill's supporters have no practical plans for operationalizing this attempt to censor American voices, and it therefore has no chance of succeeding. TikTok's spokesperson Brooke Oberwetter has also confirmed that a court will decide whether the bill is constitutional. Brooke hopes that the government of Montana will continue to abuse the First Amendment to keep TikTok users and creators in Montana from earning a living and protecting their rights under the First Amendment. 

The bill is now being sent to the governor to be signed into law, and there is a high probability that Republican governor Greg Gianforte will sign it. Gianforte previously banned TikTok from Montana government devices. Other states have enacted similar executive orders banning the app on devices and networks owned and operated by the government. 

Data safety concerns, surveillance by the Chinese government, and the involvement of minors in "dangerous activities" resulting from TikTok use were cited in the bill, which included a claim that minors were cooking chicken in NyQuil and climbing milk crates as dangerous activities. Critics of the app say that these activities were part of a set of challenges that had become popular. 

Because of the links between TikTok's parent company, ByteDance, and the Chinese government, concerns have been widely expressed that the Chinese government could gain access to TikTok user data. 

Critics also worry that this kind of information could be used by Chinese intelligence agencies or propaganda campaigns for their benefit. It is unclear whether the Chinese government has accessed or used any data related to TikTok's US users to influence them, and there has been no public evidence of this. According to FBI Director Christopher Wray, the FBI does not believe there would be many visible signs at first glance if this were to happen. 

To make TikTok safer and more sustainable, the US government has called on its Chinese owners to spin off TikTok. In the context of its Project Texas initiative, TikTok says it can address national security concerns by installing a "firewall" around US users' data covering a wide area of cyberspace. 

Despite the uncertainty surrounding the future of Montana's legislation, there is still hope for it. TikTok is a member of an industry group called NetChoice, which also counts other technology companies among its members. The group declared Friday that SB419 violates the US Constitution by trying to punish a party without a trial, a so-called "bill of attainder." 

It has been alleged by other civil society organizations that SB419 violates Montanans' rights to free expression as well as their access to information under the First Amendment. Earlier this week, the American Civil Liberties Union sent a letter to members of state legislatures in which the organization made the argument that government restrictions on freedom of speech must meet a high constitutional standard. 

The letter argues that SB 419 would deprive Montanans of a platform where they speak out freely and exchange ideas daily; that, it says, would be censorship. 

According to the letter, if this becomes law, it will set a dangerous precedent in which government bodies hold excessive control over Montanans’ access to the internet. Lynn Greenky, a First Amendment scholar and associate professor of Communication Studies at Syracuse University, notes that the legislation's references to "dangerous content" and "dangerous challenges" on TikTok raise an immediate "red flag" that will trigger a more thorough review of the bill. 

The bill's sponsor, Shelley Vance, did not immediately respond to a request for comment, and neither did Gianforte's spokesperson. If the law is passed, the app ban will take effect before 2024 begins. Several members of Congress have expressed security concerns about the app because of its Chinese ownership. As part of a warning issued last month, the Biden administration told TikTok's China-based parent company ByteDance to divest ownership of the service or face a federal ban.

Users of Android can Now Save Space by Auto Archiving

 


Google Play product managers Chang Liu and Lidia Gaymond have announced that an auto-archive feature will be introduced later this month. The feature is meant to make device storage management easier for Android users: it reduces the chance of unintentional app uninstallations and lets users install updated apps without hassle. 

Only developers who publish their apps using the App Bundle format can use auto-archive for their apps. To increase the chances of your app appearing in users' uninstall suggestions, ensure that your app supports archiving. 

If there is insufficient storage for an app to be installed, the device will prompt the user to enable auto-archive. Users can easily turn on auto-archive when opting in, freeing up space on their devices. 

There are several reasons why people uninstall applications, but the most common is to free up space on their devices. 

Until now, it has been customary to prompt users to manually uninstall apps when their device's storage nears capacity, so that they can make room for updated apps to be installed. With the enhanced auto-archiving feature, users can reclaim nearly 60% of an app's storage space: the app is partially removed while its data is preserved. 

Previously, an app would simply be recommended for uninstallation when there was not enough space on the device. Android is now getting the ‘archive’ feature that the tech giant has been working on.  

Users can check for and remove unused apps manually from the phone settings or from their apps list. Uninstalling an application, however, can mean losing the data you entered into it. 

When a user tries to install an Android app while the device's storage is running low, they will receive a prompt to use auto-archiving. By simply turning on the feature, users can archive all apps no longer in use. Archiving also removes the app's permissions, temporary files, and past alerts. 

With app archiving enabled, your device will detect when it is short of storage and automatically archive apps you rarely use. Your personal data is preserved and restored when you download the app again. 

The auto-archive feature partially removes infrequently used apps from the device while preserving the app's icon and the data the user has entered. Archived apps are marked with a cloud icon on the device as a visual indication. As long as the app is still available on Google Play, the user can tap the icon to re-download the app and continue using it from where they left off. 

The process of opting into auto-archive is easy, and the user can do it with just a few clicks. When the user attempts to install a new app on the device, and the device is out of storage, a pop-up window appears asking if the user would like auto-archiving to be enabled. The user can opt-in to auto-archive the unused apps on their device if they wish, allowing the phone's storage to be freed up so that the updated application can be installed.   

Cybercriminals Set Android Apps For Sale for Up to $20K a Piece


Cyber threat actors have lately been targeting the security of the official Google Play app store by developing trojanized versions of existing Android apps and selling the malware for up to $20,000 apiece on darknet markets. 

In a blog post published on April 10, Kaspersky researchers reported the findings of a thorough analysis of nine of the most well-known Dark Web forums. By monitoring activity between 2019 and 2023, they discovered a booming market of buyers and sellers exchanging access to botnets, malicious Android applications, and app developer accounts for hundreds of dollars at a time. 

Some highly valuable products, such as source code that can let a threat actor hack into an existing cryptocurrency app or dating app on Google Play, can cost several thousand dollars. 

"It's an infinite cat and mouse game[…]The attackers find a way to bypass security scanners. Then the people developing the security scanners deploy patches to ensure that doesn't happen again. Then the attackers find new flaws. And it goes on and on," says Georgy Kucherin, a Kaspersky researcher, with regard to Google’s app security. 

The Marketplace for Google Play Hacks 

Any program that is posted to the Apple or Google app stores undergoes a rigorous inspection. However, according to the Kaspersky researchers “just like any security solution that exists in the world, it's not 100% effective[…]Every scanner contains flaws that threat actors exploit to upload malware to Google Play." 

Commonly, there are two methods by which a hacker attempts to sneak malware onto an app store: 

  • The first method entails publishing a completely safe app to the app store. If it has been approved, or even better, if it has attracted a sizable enough audience, hackers will submit an update that contains the malicious code. 
  • The second involves hackers compromising legitimate app developers, accessing their accounts to upload malware to already-existing programs. Without two-factor authentication and strong password requirements in place, app developer accounts are more vulnerable to hacking. Credential leaks occasionally enable hackers to accomplish the majority of their goals by giving them access to important company development systems and accounts. 

Moreover, access to a Google Play developer account may cost as little as $60, depending on the developer. Other, more beneficial accounts, resources, and services cost significantly more. 

For example, considering the power they hold, loaders — the software necessary to deploy malicious code into an Android app — can cost big bucks on the darknet markets, ranging up to a whopping $5,000 each for an instance. 

A well-resourced criminal could well go with a premium package, like the source code for a loader. 

 "You can do whatever you want with that — deploy it to as many apps as you want[…]You can modify the code as much as you want, adapting it to your needs. And the original developer of the code may even provide support, like updates for the code, and maybe new ways to bypass security measures," Kucherin explains. 

How Can a Company Protect Itself from Google Play Threats 

The threats posed by Google Play are a cause of great concern to organizations, especially the ones with feeble enterprise security. Kucherin notes that many businesses still have lax bring-your-own-device arrangements in place, which extend the security perimeter outside of corporate networks and right into the hands of its employees. 

"Say an employee installs a malicious app on the phone[…]If this app turns out to be a stealer, cybercriminals can get access to, for example, corporate emails or sensitive corporate data, then they can upload it to their servers and sell it on the Dark Web. Or even worse: An employee might keep their passwords in, for example, their phone's notes app. Then hackers can steal those notes and get access to corporate infrastructure," he explains. 

In order to prevent such severe outcomes, Kucherin suggests two simple precautionary measures: 

One, you can teach the employees cyber-hygiene principles, like not downloading apps that are not trusted. However, this might not suffice, so "another thing you can do — though it's more expensive — is give your employees a separate phone, which they will use only for purposes of work. Those devices will contain a limited number of apps — just the essentials like email, phone, no other apps allowed,” he adds. 

Just as it is for the cybercriminals, you have to pay more to get more, he notes: "Using dedicated work devices is more effective, but more expensive."  

New Phishing Scam Targets Users With Fake ChatGPT Platform

The general population is fascinated with AI chatbots like OpenAI's ChatGPT. Sadly, the popularity of the AI tool has also attracted scammers, who use it to carry out extremely complex investment frauds against naive internet users. Security experts also warn that ChatGPT and other AI techniques may be used to produce phishing emails and dangerous code rapidly and on a much wider scale.

Bitdefender Antispam Labs reports that the most recent wave of "AI-powered" scams starts with a straightforward unsolicited email. Its researchers were initially drawn to what seemed to be a harmless marketing ploy, and went on to uncover a complex fraud operation that poses a threat to participants' wallets and identities.

The campaign is currently focused on Denmark, Germany, Australia, Ireland, and the Netherlands.

How does the Scam Operate?

In the past several weeks, fake ChatGPT apps have appeared on the Google Play and Apple App Stores, promising users weekly or monthly memberships to utilize the service. The con artists behind this specific scheme go above and beyond to deceive customers.

Users who click the email's link are taken to a clone of ChatGPT that tempts them with money-making chances that pay up to $10,000 per month 'just on an exclusive ChatGPT platform.'

The recipient must click on an embedded link to access further information because the email itself is short on specifics. They click on this link to be taken to a bogus ChatGPT chatbot, where they are prompted to invest at least €250 and provide their contact information, including phone number, email address, and card details.

The victim is then given access to a copy of ChatGPT that differs from the original chatbot in that it provides only a limited number of pre-written responses to user inquiries. The chatbot is accessible only through a domain that has already been blacklisted.

It's nothing unusual for scammers to take advantage of popular internet tools or patterns to trick users. Use only the official website to test out the official ChatGPT and its AI-powered text-generating capabilities. Avoid clicking on links you get in unsolicited mail, and be particularly suspicious of investment schemes distributed on behalf of a corporation, which generally are scams.

Mozilla Research Lashes Out at Google Over ‘Misleading’ Privacy Labels on Leading Android Apps


An investigation, conducted by the Mozilla Foundation, into the data safety labels and privacy policy on the Google Play Store has exposed some severe loopholes that enable apps like Twitter, TikTok, and Facebook to give inaccurate or misleading information about how user data is shared. 

The study examined the 40 most downloaded Android apps on Google Play, 20 free and 20 paid, and found that nearly 80% of them disclose misleading or false information. 

The following findings were made by the Mozilla researchers: 

  • 16 of these 40 apps, including Facebook and Minecraft, had significant discrepancies between their data safety forms and privacy policies. 
  • 15 apps received the intermediate rating, i.e. “Need Improvement” indicating some inconsistencies between the privacy policies and the Data Safety Form. YouTube, Google Maps, Gmail, Twitter, WhatsApp Messenger, and Instagram are some of these applications. 
  • Only six of these 40 apps were granted the “OK” grade. These apps included Candy Crush Saga, Google Play Games, Subway Surfers, Stickman Legends Offline Games, Power Amp Full Version Unlocker, and League of Stickman: 2020 Ninja. 

Google’s Data Privacy Section 

Google apparently launched its data privacy section for the Play Store last year. This section was introduced in an attempt to provide a “complete and accurate declaration” for information gathered by their apps by filling out the Google Data Safety Form. 

Due to certain vulnerabilities in the safety form's honor-based system, such as ambiguous definitions for "collection" and "sharing," and the failure to require apps to report data shared with "service providers," Mozilla claims that these self-reported privacy labels may not accurately reflect what user data is actually being collected. 

In regards to Google’s Data Safety labels, Jen Caltrider, project lead at Mozilla says “Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that[…]Unfortunately, they don’t. Instead, I’m worried they do more harm than good.” 

In one instance in the report, Mozilla notes that TikTok and Twitter both confirm that they do not share any user data with the third parties in their Data Safety Forms, despite stating that the data is shared with the third parties in their respective privacy policies. “When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties[…]Consumers deserve better. Google must do better,” says Caltrider. 

In response, Google has dismissed Mozilla’s study, calling its grading methodology flawed. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects[…]The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information,” says a Google spokesperson. 

Apple has likewise been criticized for its developer-submitted privacy labels. A 2021 report from The Washington Post found that several iOS apps similarly disclose misleading information, with a number of apps falsely claiming that they do not collect, share, or track user data. 

To address these issues, Mozilla suggests that both Apple and Google adopt an overall, standardized data privacy system across all of their platforms. Mozilla also urges that major tech firms shoulder more responsibility and take enforcement action against apps that fail to give accurate information about data sharing. “Google Play Store’s misleading Data Safety labels give users a false sense of security[…]It’s time we have honest data safety labels to help us better protect our privacy,” says Caltrider.