Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Play Store. Show all posts
TOAD
Android 16 CyberCrime CyberThreat Google In- Call Secuity malicious Phone Call Play Store Privacy Scammers TOAD

Enhanced In-Call Security in Android 16 Aims to Tackle Scammers

 


As part of a new security feature being developed by Google, users will no longer be able to modify sensitive settings when they are on a phone call. As a part of the in-call anti-scam protection, users are specifically prevented from enabling settings that allow applications to be installed from unknown sources and the grant of accessibility access as part of this in-call anti-scam protection. 

To mitigate the risk of scams exploiting these permissions during phone conversations, the developers of the app have developed several features. Android Authority was the first to report the development. As users attempt to alter their information while speaking to a customer service representative, a warning message appears stating as follows: "Scammers often request these actions during phone call conversations, so that is why it has been blocked. If users are guided to do this by someone they are not familiar with, it could be a scam." 

A new version of Android 16 Beta 2 was released this week, which introduced several new features and a modification to the phone call settings. The new features are intended to help improve not only the user experience but also to protect users against fraudulent scams. One of the features, which has just been introduced, is anti-scammer protection during phone calls, which is designed to protect the privacy and sensitive data of users during a phone call. 

The number of telephone scams has grown to an alarming level of sophistication, with scammers now employing ever-increasing sophistication to deceive unsuspecting individuals for fraudulent purposes. It is also common to install malware on individuals to gain access to sensitive information. Android 16 Beta 2 addresses this issue by implementing restrictions that prevent users from enabling certain sensitive settings, such as sideloading permissions, while a phone call is active, to reduce the risk of scams exploiting these permissions during conversations. 

The purpose of this measure is to enhance security by reducing the risk of scams. Moreover, Android 16 Beta 2 also introduces a restriction that prevents users from granting applications access to accessibility services when a phone call is currently underway. As of earlier this week, Android 16 Beta 2 now includes this feature, which was implemented by adding additional security measures to counter a technique commonly used by malicious actors to distribute malware. 

It was first introduced in Android 16 beta 2. As part of this method, which is known as telephone-oriented attack delivery (TOAD), a false sense of urgency is created and sent to potential victims to coerce them into calling a specific number. The NCSC-FI and the NCC Group reported in 2023 that cybercriminals were distributing dropper applications through SMS messages and phone calls to deceive individuals into installing malware, such as Vultr. The hacker community intended to use this technique to trick people into installing malware. 

 The company introduced several new security features as part of Android 15 when it began rolling out last year, aimed at reducing the risks caused by malicious applications as they were introduced. Google took these measures, among them was the automatic disabling of sensitive permissions for apps that weren't available in Gthe oogle Play Store or was downloaded from unverified sources that posed a threat to users. The goal of this enhancement is to better protect users from potential scams and the possibility of unauthorized access to sensitive information. 

The sideloading permission, which allows apps to install other apps, is disabled as a security measure by default to prevent malicious software from installing outside of official app stores, which poses significant risks for users. Users must be able to enable this permission manually through Settings > Apps > Special App Access > Install Unknown Apps. Furthermore, users who are enrolled in Advanced Protection Mode are not permitted to modify this permission due to the significant security risks involved. As a result, unauthorized installations can be prevented and overall device security will be enhanced. 

The Android 16 operating system offers additional security measures even if a user already allows sideloading or has installed malicious apps; the device also blocks the possibility of granting access to accessibility during phone calls when the user doesn't want it granted. This restriction is vital because applications that offer accessibility can exert a lot of control over a device, which may compromise user security and privacy. 

The misuse of such permissions can result in malicious applications stealing sensitive data or locking users out of their devices, as well as performing harmful actions. To combat scammers exploiting phone conversations as a way to install malware or gain unauthorized access to critical permissions, Google is preventing these changes during active calls. It is becoming increasingly sophisticated as cybercriminals utilize phone calls as a primary method of manipulating and defrauding individuals as online scams get more sophisticated. In particular, these scams are usually targeted at older people or those who are less familiar with digital security practices. 

Often, scammers use psychological tactics to deceive victims into following their instructions, such as inducing a false sense of urgency or fear. A scammer usually lures victims into installing applications, often under the guise of providing technical assistance with an issue that is fabricated. Once the attacker has installed the application, it gives him or her access to the victim's device, potentially allowing them to exploit it further. As part of Google's proactive efforts to mitigate these threats, it has implemented enhanced security features on Android 16. 

The Android 16 update will restrict users from sideloading applications or granting high-risk permissions during a phone call, which will help to reduce the effectiveness of such fraud schemes and improve overall user security. A significant advancement in mobile protection, especially as phone scams are becoming increasingly complex, this security feature represents a significant advance in mobile protection. 

With Google's introduction of obstacles into the scam process, Google hopes that fraudulent activity will become more difficult to carry out. Even in cases where scammers instruct victims to terminate a call and attempt the process again, the additional step required to activate certain settings may raise suspicion and may discourage the victim from trying it again. 

As part of Android 16 Beta 2, Google has implemented anti-scammer protections that allow users to access their phone while they are on a call, a proactive approach to fighting the growing threat of phone scams. By limiting access to sensitive settings while they are on a call, the company seeks to enhance user security and prevent malicious actors from exploiting them.
Read more »
WhatsApp
Google malware Minecraft Necro Trojan Play Store Spotify WhatsApp

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

A new variant of Necro malware loader was found on 11 million Android devices through Google Play in infected SDK supply chain attacks. The re-appearance of Necro malware is a sign of persistent flaws in popular app stores like Google. 

A recent report by Kaspersky suggests the latest version of Necro Trojan was deployed via infected advertising software development kits (SDK) used by Android game mods, authentic apps, and mod variants of famous software, such as Minecraft, Spotify, and WhatsApp. The blog covers key findings from the Kaspersky report, the techniques used by threat actors, and the impact on cybersecurity. 

What is Necro Trojan 

Aka Necro Python, the Necro Trojan is an advanced malware strain active since it first appeared. Malware can perform various malicious activities such as cryptocurrency mining, data theft, and installation of additional payloads. The recent version is more advanced, making it difficult to track and eliminate. 

Distribution of Necro Trojan

Users sometimes want premium or customized options that official versions don't have. But these unofficial mods, such as GB WhatsApp, Spotify+, and Insta Pro can contain malware. Traditionally, threat actors used these mods because they are distributed on unofficial sites that lack moderation. 

However, in the recent trend, experts discovered actors targeting official app stores via infected apps

In the latest case, Trojan authors abused both distribution vectors, a new variant of multi-stage Necro loader compromised modified versions of Spotify, Minecraft, and other famous apps in unofficial sources, and apps in Google Play. "The modular architecture gives the Trojan’s creators a wide range of options for both mass and targeted delivery of loader updates or new malicious modules depending on the infected application,” said the report.

Key Findings

  • The downloaded payloads can display ads in invisible windows, and interact with them. They can also execute arbitrary DEX files, install download apps, open arbitrary links in invisible WebView windows and run JavaScript, run a tunnel via the victim's device, and subscribe to paid services. 
  • The new variant of the Necro loader uses obfuscation to escape detection. 
  • The loader deployed in the app uses steganography tactics to hide payloads 

Read more »
Play Store
Advertisement Cyber Security Fake Apps Fraudulent Play Store

HUMAN Team Shuts Down Major Mobile Ad Fraud Scheme

 


In a major development, the HUMAN Satori Threat Intelligence and Research Team has successfully dismantled a vast mobile advertising fraud operation known as "Konfety." This scheme, which generated billions of fake ad requests each day, was designed to deceive both users and advertisers on a large scale.

The Konfety scammers used a mobile advertising tool called CaramelAds to carry out their scheme. They created numerous fake apps, which appeared to be ordinary games on the Google Play Store. These apps were actually just a front for the fraud. The core of the scam involved "evil twin" apps—modified versions of CaramelAds that did not follow privacy regulations and were used to show fraudulent ads.

The fraudulent apps were designed to mimic genuine user activity. They displayed unwanted ads, opened websites without user consent, and used various tactics to create the illusion of legitimate traffic. This allowed the scammers to profit from fake ad views and clicks, deceiving both users and advertisers.

Upon discovering the fraud, the HUMAN team quickly implemented measures to block the fraudulent traffic. They flagged suspicious activity and worked with ad networks to stop the scam. In response, the fraudsters tried to shift their operations to other networks not protected by HUMAN, but their efforts were largely thwarted by HUMAN’s protective measures.

Google Play Protect was crucial in identifying and removing the fraudulent apps. Despite its efforts, the scale of the Konfety scheme highlighted the ongoing challenge of preventing such sophisticated scams. Google continues to monitor and protect users from these threats.

HUMAN’s team developed specific detection techniques for the Konfety scam and shared their findings with other security experts. This collaboration led to a significant reduction in fraudulent ad requests and enhanced overall security in digital advertising.

The successful shutdown of the Konfety fraud needs a heedful of vigilance and cooperation in the fight against online scams. HUMAN’s ongoing efforts to safeguard the integrity of digital advertising are essential as cybercriminals continue to evolve their tactics. This case highlights the need for constant vigilance and industry collaboration to maintain a secure online environment.




Read more »
VPN Apps
App Defense Alliance App Developers Cyber Security Google Independent Security Review badge MASA Play Store Security Audit VPN Apps

Google Introduces Badges to Identify Which VPN App has Passed a Security Audit


Google has recently confirmed that they will be introducing an Independent Security Review badge to identify Android VPN apps that have undergone an independent security assessment, taking into account the concerns of users regarding Android cybersecurity. 

The App Defense Alliance was launched last year, in collaboration between Google, ESET, Lookout, and Zimperium in order to tackle Play Store’s malware issues. The Alliance further launched the Mobile Application Security Assessment (MASA) audit. In order to inform customers that the applications they are installing on their phones have been created in accordance with industry mobile security and privacy minimal best practices, software developers can use this method to get their apps independently verified against a global security standard. 

The objective behind the review badge is that if app developers follow this method in order to mitigate any security flaw, it will make it more challenging for hackers to compromise users' devices and, as a result, the quality of apps across the ecosystem will improve.

Applications that have received this badge have successfully undergone a MASA audit. Moreover, in order to maintain the badge every year, app developers will have to go through an additional independent assessment.

Nataliya Stanetsky of the Android Security and Privacy Team states in a Google Security Blog post this week that, “While certification to baseline security standards does not imply that a product is free of vulnerabilities, the badge associated with these validated apps helps users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety.”

Now, when a user turns to Play Store in search for the best VPN, they will certainly see a banner at the top, leading then to the DATA Safety Section, for them to have a better understanding of the new badges. On clicking on the option ‘learn more,’ the user will further be directed to the App Validation Directory, "a centralized place to view all VPN apps that have been independently security reviewed."

"We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Stanetsky explained.

"VPN providers such as NordVPN, Google One, ExpressVPN, and others have already undergone independent security testing and publicly declared the badge showing their good standing with the MASA program," she added. 

These Security Review badges is an effort by Google to make the Data Safety Section a one-stop shop for information on Play Store cybersecurity procedures. Additionally, you may get information on the kind of data that apps are gathering about you, why they are collecting it, and whether or not they are sharing it with outside parties.  

Read more »
User Data
Android Apps Cyber Security Cyberattacks CyberCrime CyberThreat Google Play Store Pradeo User Data

Users' Data is Stolen Through 1.5 million Android Apps


As part of an effort to help users gain a better understanding of what data an app collects before downloading it, Google Play introduced "nutrition labels" with a privacy-focused focus last year. However, researchers have found a way to work around the system and steal user data. This is done by inserting a way to avoid the system. In an article released by Pradeo, a mobile cybersecurity company, cybersecurity analysts discovered two apps on Google Play. 

These apps threatened to send data from users' Android devices to malicious servers based in China as a result of spyware According to the firm, more than ten lakh users globally are affected by spyware-laden applications. According to it, the app's download pages claim it will not collect data about you. 

According to a report released by Google Play Store security analysts, two apps that appear to be file management apps but are spyware have been discovered. 1.5 million Android users risk compromised privacy and security due to this vulnerability. Hence, you must remove these apps as quickly as possible from the latest Android phones that boast some of the most impressive features. 

A leading mobile cybersecurity company, Pradeo, which offers mobile security products, announced this week that its smartphone security app, File Recovery & Data Recovery, has been flagged as malicious. As both apps are produced by the same developer, they are programmed to launch without requiring the user to do anything. Their servers in China quietly store sensitive user information securely sent to them.  

More than one million downloads of File Recovery & Data Recovery have occurred. In Pradeo's report, screenshots of their respective Play Store pages showed that about 500,000 people installed File Manager, based on screenshots taken from the PANDEO website. 

As outlined in their blog post, after analyzing both spyware apps, the researchers determined that both collected personal data from their targets. They sent it to many servers located mainly in China. These apps are considered malicious by the majority of users and are said to threaten their privacy and security, which is an essential point to note. 

Data that has been stolen includes the following:

  1. Contact information is collected by the apps via the device itself and connected accounts, such as email and social media accounts. 
  2. Aside from pictures and audio files, the apps also collect videos and pictures saved on your device. 
  3. By tracking the user's location, spyware can retrieve his or her current position. 
  4. The system collects the mobile country code, network provider name, and SIM code of the SIM provider. This is among other variables. 
  5. There is a capture of the operating system version number. This could potentially be exploited by vulnerabilities similar to those in the Pegasus spyware incident, if one exploited them. 
  6. Spyware can record the model and brand of the device it targets. 

Even though the apps may have a legitimate reason for gathering some of the information above to ensure smooth performance and compatibility with any updated devices. However, most of the information gathered is not required to manage files or recover data. Unfortunately, this company collects data secretly without the user's consent. 

Moreover, Pradeo has added that the home screen icons of the two apps are hidden, so it will be harder to find them and remove them from your device. It is also possible for them to misuse the permissions the user approved during installation. They can restart the device and launch it in the background without the user's knowledge. 

Pradeo speculates that the company used emulators or install farms to create a false impression of trustworthiness to increase its popularity within the game industry. This hypothesis is supported by the fact that there are few user reviews on the Play Store. This is compared to the reported number of users who wrote reviews about the application on the Play Store. 

There is always a recommendation to check user reviews before installing an application. This is done by paying attention to the permissions requested when installing the application, and only trusting applications created by reputable firms.

This whole incident serves as a stern reminder of the persistent cyber tug-of-war waged, with malicious actors constantly advancing their methods. Every user must exercise caution in this digital minefield, especially when downloading apps and navigating them. 

Do not forget to read the permissions of all apps before granting them access to the device as they will always ask for your permission. Further, your security software must be updated, and you should use a secure and complex password. Lastly, it is imperative to remain vigilant against phishing attempts and never click on suspicious links.

Read more »
Play Store
Adware Android Apps Antivirus Google Mallicious Apps malware Mobile Apps Play Store

Alert! Check if you have these Android Malware Apps Installed With 10M+ Downloads

 

A fresh batch of harmful Android applications containing adware and malware that have been installed on almost 10 million mobile devices has been discovered on the Google Play Store. 

The apps pretend to be picture editors, virtual keyboards, system optimizers, wallpaper changes, and other things. Their primary functionality, however, is to display invasive advertisements, subscribe users to premium services, and hijack victims' social network accounts. 

The Dr Web antivirus team discovered several dangerous applications, which they highlighted in a study published. Google has removed the great majority of the offered applications, however, three remain available for download and installation via the Play Store at the time of writing. Also, if anyone installed any of these applications before they were removed from the Play Store, then will need to manually delete them from the device and conduct an antivirus check to remove any leftovers. 

The latest dangerous Android applications Dr Web found adware apps that are variations on existing families that initially surfaced on the Google Play Store in May 2022. When the applications are installed, they ask for permission to overlay windows over any app and can add themselves to the battery saver's exclusion list, allowing them to run in the background even after the victim shuts the app. Furthermore, they hide their app drawer icons or replace them with anything resembling a fundamental system component, such as "SIM Toolkit."

"This app "killed" my phone. It keep'd crashing , i couldn't even enter password to unlock phone and uninstall it. Eventually, I had to make a complete wipe out (factory reset), to regain phone. DO NOT , install this app !!!!," read a review of the app on the Google Play Store. 

Joker applications, which are infamous for incurring false payments on victims' mobile phones by subscribing them to premium services, are the second kind of harmful apps spotted on the Play Store. Two of the featured applications, 'Water Reminder' and 'Yoga - For Beginner to Advanced,' have 100,000 and 50,000 downloads, respectively, in the Play Store. Both deliver the claimed functionality, but they also execute malicious operations in the background, interacting with unseen or out-of-focus WebView objects and charging consumers. 

Finally, Dr. Web identifies two Facebook account stealers that are disseminated through picture editing applications and use cartoon effects on ordinary images. These applications are 'YouToon - AI Cartoon Effect' and 'Pista - Cartoon Photo Effect,' and they have been downloaded over 1.5 million times in the App Store. 

Android malware will always find a way into the Google Play Store, and apps can occasionally linger there for months, so users should not blindly trust any app or no apps. As a result, it is critical to read user reviews and ratings, visit the developer's website, read the privacy policy, and pay close attention to the permissions sought during installation. 
  • Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
  • Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  • Photo Editor - Design Maker (gb.twentynine.redaktoridea)
  • Photo Editor & Background Eraser (de.photoground.twentysixshot)
  • Photo & Exif Editor (de.xnano.photoexifeditornine)
  • Photo Editor - Filters Effects (de.hitopgop.sixtyeightgx)
  • Photo Filters & Effects (de.sixtyonecollice.cameraroll)
  • Photo Editor : Blur Image (de.instgang.fiftyggfife)
  • Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (com.neonthemekeyboard.app)
  • Neon Theme - Android Keyboard (com.androidneonkeyboard.app)
  • Cashe Cleaner (com.cachecleanereasytool.app)
  • Fancy Charging (com.fancyanimatedbattery.app)
  • FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
  • Call Skins - Caller Themes (com.rockskinthemes.app)
  • Funny Caller (com.funnycallercustomtheme.app)
  • CallMe Phone Themes (com.callercallwallpaper.app)
  • InCall: Contact Background (com.mycallcustomcallscrean.app)
  • MyCall - Call Personalization (com.mycallcallpersonalization.app)
  • Caller Theme (com.caller.theme.slow)
  • Caller Theme (com.callertheme.firstref)
  • Funny Wallpapers - Live Screen (com.funnywallpapaerslive.app)
  • 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
  • Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
  • Notes - reminders and lists (com.notesreminderslists.app)
Read more »
Play Store
Google Joker malware Play Store

WAP Fraud: Google Play Store Removes Android Apps Infected With Joker Malware



Google has now eliminated 17 infected android apps from its google play store. These apps contained the "Joker" malware, according to the findings by experts Zscaler. Joker is among the most effective malware that attacks Android applications.

The malware is infamous in the cybersecurity industry, but it always finds a new way to access Google's play store applications. Joker uses new codes, execution techniques, and retrieving methods to trespass the play store. The malware is used for stealing personal chats, contact information, call logs, and device data. Joker also secretly subscribes to users for premium WAP (wireless application protocol) services.

The research team at Zscaler kept an eye on the Joker spyware and recently noticed that the malware was uploaded continuously on the Google play store. It immediately informed Google about the issue, and the latter removed the 17 WAP apps with Joker malware from Google play store.

The Joker is also known as Bread malware. These infected android apps were uploaded last month on Google play store; however, they couldn't do much damage. Until the experts found these apps, the users downloaded them 1,20,000 times.

The 17 apps found with Joker malware are:
  1. All Good PDF Scanner 
  2. Hummingbird PDF Converter - Photo to PDF 
  3. Blue Scanner 
  4. Paper Doc Scanner 
  5. Part Message 
  6. Desire Translate 
  7. Talent Photo Editor - Blur focus 
  8. Care Message 
  9. Meticulous Scanner 
  10. Style Photo Collage 
  11. One Sentence Translator - Multifunctional Translator 
  12. Private SMS 
  13. Direct Messenger 
  14. Tangram App Lock 
  15. Unique Keyboard - Fancy Fonts and Free Emoticons 
  16. Mint Leaf Message-Your Private Message 
  17. All Good PDF Scanner 
Although the play store has disabled the apps, the users who might have downloaded the apps need to uninstall them manually. The malware uses the 'dropping' technique to avoid getting caught and sneak into google play store.

"We recommend paying close attention to the permission list in the apps that you install on your Android device. Always watch out for the risky permissions related to SMS, call logs, contacts, and more. Reading the comment or reviews on the app page also helps identify compromised apps," says researchers from Zscaler.
Read more »
Subscribe to: Posts (Atom)