Sophisticated malware resurfaces in Google Play apps

08 Sep 2015

Bitdefender has identified sophisticated CAPTCHA-bypassing Android malware in Google Play apps.

Dubbed Android.Trojan.MKero.A, the malware was originally distributed via third-party marketplaces and local social networks in Eastern Europe in late 2014, with Russia as one of the most affected countries.

At the time, Bitdefender was researching the malware’s behaviour and found that recent versions had been evolved to be less detectable.

As the malware has been built to operate completely silently on the victim’s Android device, removal has become extremely difficult.

Current capabilities

This is the first time the malware has appeared in the official Google Play store, suggesting its developers found new ways of packing it into seemingly legitimate apps that can bypass Google Bouncer - Google’s screening system, Bitdefender says.

The Trojan’s sophistication lies in its ability to bypass CAPTCHA authentication systems by redirecting these requests to an online image-to-text recognition service, Antigate.com.

The online service relies on actual individuals to recognise CAPTCHA images, so responses are often sent back to the malware within seconds, allowing it to proceed with the concealed subscription process.

Among Google Play apps that distribute the Trojan, two have had between 100,000 and 500,000 installs each, raising the potential victim count to staggering numbers. Google has been notified of the existence of these malicious apps in Google Play.

Implications

The total financial losses could amount to $250,000 from the minimum $0.05 charge for subscription SMS messages alone.

As the malware has been built with concealed capabilities to operate completely silently on the victim’s Android device, detection and removal by the user are extremely difficult.

To this end, a mobile security solution needs to be installed on the device to identify malicious applications - regardless of where they have been downloaded from - and block threats from causing irreparable financial harm or personal data loss, Bitdefender says.
