Google has taken increasingly sophisticated steps to keep malicious applications out of Google Play. But a newly uncovered campaign involving nearly 200 apps and more than 10 million potential victims shows that this long-standing problem is far from solved, and in this case, it could cost users hundreds of millions of dollars.
Researchers at the mobile security firm Zimperium said an extensive fraud campaign has plagued Android since November 2020. More often than not, attackers were able to get benign-looking apps like “Handy Translator Pro”, “Heart Rate and Pulse Tracker” and “Bus – Metrolis 2021” into Google Play as a front for something worse. After downloading a malicious app, a victim receives a flood of notifications, five an hour, prompting them to claim a reward by “confirming” their phone number. The “rewards” claim page is loaded through an in-app browser, a common tactic for keeping malicious indicators out of the app’s code. Once a user enters their number, the attackers sign them up for a monthly recurring charge of around $42 through the premium SMS services feature of their wireless bill. This is a mechanism that normally lets you pay for digital services or, say, send money to a charity via text message. In this case, the money went straight to the attackers.
These tactics are common in malicious Play Store apps, and premium SMS fraud in particular is a notorious problem. But researchers say it is significant that attackers were able to string these familiar methods together in ways that were still highly effective, and in staggering numbers, even as Google continued to improve its Android security and Play Store defenses.
“It’s an impressive delivery in terms of scale,” said Richard Melick, director of product strategy for endpoint security. “They have pushed the fullness of the strategy across all departments; these methods are refined and proven. And it’s actually a carpet-bombing effect when it comes to the number of applications. One may succeed, the other may not, and that’s fine.”
The operation targets Android users in more than 70 countries and specifically checks their IP addresses to get an idea of their geographic regions. The app then shows webpages in the primary language of that location to make the experience more compelling. The malware operators were careful not to reuse URLs, since reuse could make it easier for security researchers to track them. And the content the attackers created was high quality, without the typos and grammatical errors that could give the scam away.
Zimperium is a member of the Google App Defense Alliance, a coalition of third-party companies that help keep tabs on Play Store malware, and as part of that collaboration the company disclosed the so-called GriftHorse campaign. Google says all of the apps Zimperium flagged have been removed from the Play Store and the related app developers have been banned.
However, the researchers noted that the apps, many of which had several thousand downloads, are still available through third-party app stores. They also note that while premium SMS fraud is an old chestnut, it is still effective because the malicious charges usually do not show up until a victim’s next wireless bill. If attackers can get their apps onto enterprise devices, they can even trick employees of large corporations into signing up for charges that could go unnoticed on a company’s phone numbers year after year.
Although removing so many apps will slow down the GriftHorse campaign for now, the researchers emphasize that new variations are always on the rise.
“These attackers are organized and professional. They have established it as a business, and they are not just moving forward,” said Shridhar Mittal, CEO of Zimperium. “I’m sure it wasn’t a one-time thing.”