Search This Blog

Showing posts with label Adware. Show all posts

Researchers Found Android Apps on Google Play that Steal Personal Data of Victims and Pose Other Threats



Security researchers identified seven new malicious apps present on Google Play Store that infect devices with adware and malware while laying open the system's backdoor access which ensures a smooth installation of any new functionality that comes along with the application. Other threats include battery drainage and excessive consumption of mobile data.

In recent times, with the mobile malware penetrating its roots in the cyber world, there have been a number of new discoveries from security researchers where they warn of malicious android apps that request sketchy permissions and contain malware. Android platform's openness, flexibility, and excess control are the key factors which make it all the more attractive to the users and likewise, cybercriminals. As a downside, it also provides a more vulnerable space for criminals to exploit by posting adware infected apps to serve marketing interests and steal sensitive user data. These apps can take different forms and mostly, share a similar code structure which indicates a direct link between the developers.

These malicious apps are configured to download and consequently install APKs from a GitHub repository, hence attackers are handling the GitHub communication very sophisticatedly, as a part of which they effectively wait to bypass detection by security officers and malware detection agencies.

Attackers have embedded a GitHub URL within the malicious app code which sets the basis for evading Google Play protect scan. However, while security researchers somehow managed to unearth the configuration data of the malicious apps and related URLs, they were directed to Adware APK which is triggered right after the installation of the infected app. The APK halts for a timeframe of 10 minutes after being triggered to execute the malicious motives.

Here, the aforementioned malicious apps have been posted by three different developers as listed below:

iSoft LLC (Developer) – Alarm Clock, Calculator, Free Magnifying Glass
PumpApp (Developer) – Magnifying Glass, Super Bright LED Flashlight
LizotMitis (Developer) – Magnifier, Magnifying Glass with Flashlight, Super-bright Flashlight

As a security measure for the continuously expanding mobile malware, Google tied up with various mobile security companies that would assist them in detecting bad apps before they hit a download mark over million. Users who have already installed these dropper apps are recommended to uninstall them manually.

Sneaky Android adware hides its own icon to avoid removal – find out how to get rid of it!



Security researchers at SophosLabs have discovered 15 apps in the Play Store that contain a manipulative strain of adware that hides its own icon in the launcher to avoid being uninstalled by making the process unusually difficult for the users, it disguises itself as a harmless system app. There is a possibility of more such apps being present on the Play Store beside these 15 discovered ones. Some apps of similar nature have gone a step further and were found upon opening the phone’s App Settings page, hidden beneath names and icons that make them appear as legitimate system apps.

Some people tend to download an app, without giving its requirement much of a thought or consideration, the habit may have led you into inadvertently downloading these malicious apps such as QR code reading, free calls and messaging, phone finder, backup utilities and image editor apps which have adware embedded in them and serve no purpose at all other than to generate revenues for the developers by displaying intrusive advertisements. To exemplify, Flash on Calls & Messages – aka Free Calls & Messages is one such app, which shows a fake error message when the user launches it, telling the user that it is incompatible with his device. Then the user is directed to the Google Play Store entry for Google Maps, to mislead the user into believing that the Maps app is the reason for the crash, which is not at all true.

On Google Play Store, most of these camouflaged apps receive negative ratings and reviews which highlight the disappointments and the issues faced by users while using the app. More than 13 lakh phones were populated by these malicious apps, according to SophosLabs.

Quoting Andrew Brandt, principal researcher at SophosLabs, "To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text,"

"App developers have, for years, embedded ad-code into their apps as a way to help defray the costs of development, but some developers simply use their apps as a borderline-abusive platform solely to launch ads on mobile devices," he added.

How to get rid of adware apps? 

Referencing from the advise given by Andrew Brandt, "If you suspect that an app you recently installed is hiding its icon in the app tray, tap Settings (the gear menu) and then Apps & Notifications. The most recently opened apps appear in a list at the top of this page."

"If any of those apps use the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names (‘Back Up,’ ‘Update,’ ‘Time Zone Service’) tap the generic icon and then tap ‘Force Stop’ followed by ‘Uninstall.’ A real system app will have a button named ‘Disable’ instead of ‘Uninstall’ and you don’t need to bother disabling it."

"To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text,"

"If several reviews mention specific undesirable behavior, it's likely best to avoid that particular app," he says. 

Malicious Android Adware Infects Approximately 200 Apps on Play Store



 A monstrous adware campaign nicknamed "SimBad" was found to be in around 206 applications on Google Play Store, known to have been downloaded roughly 150 million times. Since most of them are simulation type games, thus the term 'SimBad' has been coined.

The designers of the applications may not be entitled totally to the blame as they also may have been baited by false promises. They may have not understood that they were utilizing a promotion related software development kit or SDK whose reason for existing is to install adware on devices.

Once an application infected by SimBad gets downloaded, the adware registers itself on the system with the goal that it can keep running on boot and from that point onwards, it can perform activities like opening a browser page to phish user information, open an application store including Google Play Store (to be specific) potentially malicious application, or even download and install an application in the background.

As per Security outfit Check Point, the applications perform different malicious behavior that the user's need to be wary of, including:
  1. Showing ads outside of the application, for when the user unlocks their phone or uses other apps.
  2. Constantly opening Google Play or 9Apps Store and redirecting to another particular application, so the developer can profit from additional installations.
  3. Hiding its icon from the launcher in order to prevent uninstallation.
  4. Opening a web browser with links provided by the app developer.
  5. Downloading APK files and asking the user to install it.
  6. Searching a word provided by the app in Google Play.

As a matter of fact, SimBad is less appalling than other malware that got away from Google's notice however it does as of now can possibly accomplish more harm as, according to Checkpoint, "SimBad' has abilities that can be divided into three groups namely - Show Ads, Phishing, and Exposure to other applications.

Keeping in mind the user privacy, Google has officially brought down the infected applications and will doubtlessly add the adware strain to Google Protect’s AI.

Users Warned Against Unofficial Sites Pushing Notepad2 Adware Bundles





The users' anticipating to download the exceptionally well known Notepad substitution called Notepad2, are cautioned once more to be careful of sites made to look official, however really disseminate Notepad2 as an adware bundle.

The search result was for a site called Notepad2.com, when done as such through Bing, their insight card expressed that the official site is flos-freeware.ch. Now, while the site appeared to be unique and marketier, users' would simply assume that the developer made a committed site for it. The only odd thing to be observed was that the logo they were utilizing was one that was very similar to the one for Notepad++.

It isn't until the point when the user attempts to download the executable and ESET blocked the document from being downloaded then they understand that something isn't right. When they scroll to the very bottom of the page did they'll see an explanation this was an “unofficial website dedicated to the opensource software” this is the moment that they will realize that the site was plainly made to distribute adware bundles with the end goal to generate a couple of bucks for the developer.

Whenever downloaded, the installer has the genuine name of Notepad2-x64_1746715231.exe. Whenever executed, however, it is rapidly evident this is an adware bundle. When clicked next, the user will be demonstrated different offers. On the Windows 10 machine, the user will be possibly offered Opera and on an Any.Run install it very well may be the game War Thunder.

At the point when done installing the offers, it will download a zipped copy of Notepad2 and spare it in the Downloads folder.

That regardless of whether they user conceives that they know how to spot tricks and scams, have a great understanding about computer security and malware, and attempt to be diligent, they can even now get in trouble on the web.

So it is advised for the users to be extremely watchful out there, and accomplish more research before downloading softwares except if they know it's originating from a respectable source, which is ideally the developer's webpage.


Zacinlo Malware; Yet another Threat for All Windows 10 Users


Researchers at Bitdefender have recently discovered a powerful malware that takes control over the PC and spams with advertisements. They have named it 'Zacinlo' after the last and final payload, looking at this as a transitory name for an intricate code. In any case, the Zacinlo malware has been around for almost six years extremely contaminating various Windows users.

The researchers at the Cyber Threat Intelligence Lab, following a year of research have published a rather detailed paper about this malware. Despite the fact that the malware has been around since 2012, it became the most active in late the 2017, state the researchers while clarifying about their work.

Zacinlo is said to be so powerful to the point that it has the capability of deactivating the most anti- malware directly accessible. Well known targets of Zacinlo incorporate Bitdefender, Kingsoft, Symantec, Microsoft, Avast, and various different programs.

Once installed, it altogether takes control over the user's framework for noxious exercises. These incorporate controlling the OS, forestalling against malware activities, at last accomplishing its fundamental objective – to display ads and generate income. This is accomplished by infusing contents in webpages.

 “The infection chain starts with a downloader that installs an alleged VPN application. Once executed, it downloads several other components, as well as a dropper or a downloader that will install the adware and rootkit components.”

Zacinlo effectively keeps running on most commonly utilized programs, including Chrome, Firefox, Internet Explorer, Edge, Safari, and Opera. As this adware starts working, it wipes out some other adware exhibit in the victim's PC to accomplish its main objectives. It at that point shows advertisements in order to produce income by getting the snaps.

The advancement of this malware makes its detection extremely hard. However, there is one route through which you can detect the presence of Zacinlo in the victim's PC. As stated by Bogdan Botezatu, the senior e-Threat Analyst at Bitdefender.

“Since the rootkit driver can tamper with both the operating system and the anti-malware solution, it is better to run a scan in this rescue mode rather than running it normally.”

Regardless of this all the windows users are thus instructed to stay wary while downloading any outsider applications or applications from untrusted sources to shield themselves from any malware attacks.