A Trojan App on Google Play Store Stealing Users Sensitive Data





Cyber security specialists at Cisco Talos have discovered a malware denominated as GPlayed, a Google Play Market Place application that is indistinguishable to the design of Google Play store icon and other subsidiary applications. GPlayed is capable for deceiving users into installing it on their Android phone and lose sensitive data to hackers.

This issue is a risky one as clueless many gullible users may install the app. on the given that it is a reliable one indeed and wind up paying a "heavy price".

This dangerous Trojan malware in spite of the fact that isn't yet live on the Google Play store yet is capable of and even transmitting Visa or bank details present in the phone and furthermore swing in to fulltime spyware equipped for following victim’s locations.

"What makes this malware extremely powerful is the capability to adapt after it's deployed. In order to achieve this adaptability, the operator has the capability to remotely load plugins, inject scripts and even compile new .NET code that can be executed," Cisco Talos report said.




Adding further they said that their analysis indicates that this Trojan is in its testing stage but given its potential, every mobile user should be aware of GPlayed. As mobile developers have recently begun eschewing traditional app stores and instead want to deliver their software directly through their own means. But GPlayed is an example of where this can go wrong, especially if a mobile user is not aware of how to distinguish a fake app versus a real one.

In spite of Google taking strict measures to control the stream of Android malware to the Play app store, it can't recognize Trojan malware covered up in authentic applications. General Android application users are thus advised to be cautious in installing, such resembling phony Google applications.


Over 145 Malicious Android Apps Discovered On the Google Play Store




Researchers from the security software company Palo Alto Network made an alarming disclosure in regards to certain applications accessible on the Google Play Store esteeming them to be defected with malware for stealing information from the Windows Computers.

These 145 applications, with names, "Gymnastics Training Tutorial ", "Modification Trail" and " Learn to Draw Clothing” were uploaded to Google Play between October 2017 and November 2017 and remained there until the point when Palo Alto Networks made Google aware of this issue.

Many of these applications have been downloaded over a thousand times and even 4-star ratings purportedly from individuals who utilized them.

"We have reported our findings to Google Security Team and all infected apps have been removed from Google Play,"

In any case, the fact that these infected applications are very easily accessible on the official Google Play Store is for sure concerning. Additionally, it demonstrates that the software developer ‘odieapps’ isn't sufficiently paying enough consideration to the security part of the applications.

 This by a long shot though isn't the first run through Google has needed to expel the malware-loaded applications from Play, which is by and large thought about as the most secure hotspot for Android applications.

 “These embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform. The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware.”  - Palo Alto Networks said in a blog post.

Also in the most recent two years alone, various security vendors have discovered a huge number of Android applications released to Google Play corrupted with adware, spyware and different vindictive payloads and much like for this situation where these applications were downloaded countless of times before being hailed as hazardous and finally expelled from the Play store.

An analysis of the malware code proposes that the developers of the compromised applications may have built up the applications on infected Windows machines and incidentally exchanged the pernicious code in their Android applications to the Play store.

Had the malware apparatuses functioned as proposed they would have been equipped for recording the mobile device user's keystrokes and thusly steal information, like the passwords, social security numbers, payment card data as well as other important and significant information, says the Palo Alto Networks.

Nevertheless the capacity of enemies just to get their malware past the Play store's defenses poses a tough challenge for Google indeed and as well for the countless users that download their applications from it.


Anubis Malware Re-Emerges Yet Again; Hackers Distributing It via Google Play Store





The Anubis banking malware arises once more with the threat actors allocating the malware on Google Play store applications keeping in mind the end goal to steal login credentials to banking apps, e-wallets, and payment cards.

Hackers are constantly known for finding better approaches to sidestep the Google play store security as well as ways to distribute the malware through Android applications that will additionally go about as the initial phase in an "infection routine" schedule that gets the BankBot Anubis mobile banking Trojans by means of C&C server.

Users as often as possible get tainted once they download and install the malevolent applications via the Google play store, despite the fact that the play store security investigates , all the applications that are transferred into Google Play, cybercriminals dependably execute the most complex and obscure strategies to evade the detection.

Researchers as of late discovered anew downloader’s in-app store that connected with Anubis banking malware. This campaign is known to contain no less than 10 malevolent downloaders masked as different applications. All the Downloader disseminated through Android applications is known to get in excess of 1,000 samples from the criminal's command-and-control (C&C) servers.

“In most Android banking Trojans, the malware launches a fake overlay screen when the user accesses a target app. The user then taps his or her account credentials into the fake overlay, which allows the malware to steal the data. BankBot Anubis streamlines this process.”

Cyber criminals transferring applications into Google play store influence it to resemble a live authentic one; they compromise the clients by controlling them to trust that they are giving an "expertise" as a service.

The researchers likewise found that these malignant play store applications that acted like the authentic ones, for the most part focus on the Turkish-speaking clients and the downloader applications in this specific crusade were intended to address Turkish clients just with a couple of various botnets and configurations.

All these applications are transferred to various categories, for example, online shopping to money related services and even an automotive app.

As indicated by an analysis by the X-Force, the adjustments in the downloader application propose that it is being kept up on a progressing premise, another sign that it is a ware offered to cybercriminals or a particular gathering that is centered on swindling particularly the Turkish mobile banking users.

Once the noxious downloader is effectively installed into the victims Android then the app brings BankBot Anubis from one of its C&C servers. The BankBot Anubis malware forces clients to concede the consent by acting like an application called "Google Protect." 

This accessibility will go about as a keylogger getting the infected user's credentials from infected users mobile.

BankBot Anubis is known to target users in numerous nations also for example, Australia, Austria, Azerbaijan, Belarus, Brazil, Canada, China, Czech Republic, France, Georgia, Germany, Hong Kong, India, Ireland, Israel, Japan Kazakhstan, Spain, Taiwan, Turkey, U.K. as well as U.S.