
Researchers Found Android Apps on Google Play that Steal Personal Data of Victims and Pose Other Threats



Security researchers identified seven new malicious apps on the Google Play Store that infect devices with adware and malware while opening backdoor access to the system, which allows any new functionality delivered with the application to be installed smoothly. Other threats include battery drain and excessive consumption of mobile data.

In recent times, as mobile malware has taken root, security researchers have repeatedly warned of malicious Android apps that request sketchy permissions and contain malware. The Android platform's openness, flexibility, and the degree of control it offers are the key factors that make it attractive to users and, likewise, to cybercriminals. As a downside, it also gives criminals more room to exploit by posting adware-infected apps to serve marketing interests and steal sensitive user data. These apps can take different forms and mostly share a similar code structure, which indicates a direct link between the developers.

These malicious apps are configured to download and then install APKs from a GitHub repository. The attackers handle the GitHub communication carefully: the apps wait before contacting the repository in order to evade detection by security researchers and malware detection agencies.

Attackers have embedded a GitHub URL within the malicious app code, which sets the basis for evading the Google Play Protect scan. When security researchers unearthed the configuration data of the malicious apps and the related URLs, they were directed to an adware APK that is triggered right after the infected app is installed. Once triggered, the APK waits 10 minutes before executing its malicious functions.

Here, the aforementioned malicious apps have been posted by three different developers as listed below:

iSoft LLC (Developer) – Alarm Clock, Calculator, Free Magnifying Glass
PumpApp (Developer) – Magnifying Glass, Super Bright LED Flashlight
LizotMitis (Developer) – Magnifier, Magnifying Glass with Flashlight, Super-bright Flashlight

As a security measure against the continuously expanding mobile malware, Google has teamed up with various mobile security companies that will help it detect bad apps before they hit a download mark of over a million. Users who have already installed these dropper apps are recommended to uninstall them manually.

Over 2,000 malicious apps exist on Play Store

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year study by the University of Sydney and CSIRO’s Data61 has come to the conclusion that there are at least 2,040 counterfeit apps on Google Play Store. Over 2,000 of those apps impersonated popular games and had malware. The paper, "A Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps", which documents the results, was presented at the World Wide Web Conference in California in May.

The study shows that there is a massive number of impersonated popular gaming apps available on Play store. They include fake versions of popular games such as Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million apps on Google Play Store, available in Android, and identified a set of potential counterfeits for the top 10,000 apps.

Counterfeit apps impersonate popular apps and try to misguide users. “Many counterfeit apps can be identified once installed. However, even a tech-savvy user may struggle to detect them before installation,” the study says.

It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences like financial losses or identity theft,” reads a blog post by the university.

The study also found that 1,565 asked for at least five dangerous permissions and 1,407 had at least five embedded third-party ad libraries.

To investigate these applications on Google Play store the researchers used neural networks.

Google has acknowledged the problem of “malicious apps and developers” in a blog post by Google Play product manager Andrew Ahn on February 13, 2019.

According to Google, the company now removes malicious developers from Play store much faster when compared to previous years. The company says that in 2018 it stopped more malicious apps from entering the store than ever before.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play.”

Qualcomm Chip Security Flaw Poses Risk to App Account Security



Qualcomm technology designed to safely store private cryptographic keys has been found to contain a security bug. The bug affects Qualcomm chipsets and is said to pave the way for Android malware that can potentially steal access to victims' online accounts.

The technology should be implemented so that even if the Android OS has been exploited, the Qualcomm Secure Execution Environment, also known as QSEE, remains beyond the reach of the exploit and hence unassailable. However, due to some imperfections in the implementation, such is not the case.

According to Keegan Ryan, a researcher with cybersecurity firm NCC Group, one can manipulate the system into leaking the private keys stored in the QSEE.

Ryan documented the vulnerability and concluded that the flaw could have been used by a hacker to exploit the way mobile apps let users sign in on smartphones. After the user enters the password, the app generates a cryptographic key pair, which can be used to make sure that all future login attempts come from the same device.

Referenced from the statements given by Ryan to PCMag,
"However, if an attacker uses this vulnerability to steal the key pair, the attacker can impersonate the user's device from anywhere in the world, and the user cannot stop it by powering down or destroying their device,"

"The attacker can run the malware one time, and extract the key. They now have permanent and unrestricted ability to create (authentication) signatures," he further added.

The patch is expected to roll out in April itself along with Android's security update.






Pre-installed Android Apps Invade Privacy; Situation Still Out Of Control



Recent studies have provided evidence of the role that pre-installed Android applications play in breaching users' privacy.


Google doesn't seem to be paying enough attention to the issue, which concerns security.

These apps need security checks as heavy as those applied to the Play Store versions of the applications.

According to an independent study led by a group in Spain, personal information could be harvested by these pre-installed applications.

The IMDEA Institute, a well-known institute in Madrid, and Stony Brook University examined the pre-installed apps on Android devices from over 2700 users, covering over 1700 devices from around 200 vendors across 130 countries.

The study didn't go deeper about the EU's General Data Protection Regulation laws and the difference they would make.




Android is a highly customized operating system despite being owned by Google. This includes the packaging of other applications with the operating system before devices are delivered to users.

As per the aforementioned study, the pre-installed apps pose a potential threat to users' privacy because they never undergo the security checks that downloaded apps do.

As is usually the case, pre-installed applications cannot be uninstalled and aren't subject to the strict security checks that are a must to keep users safe.

The co-author of the study implied that apparently no one keeps track of what the pre-installed applications do. There is a major lack of transparency and regulation.

In reply to all of this, Google said that it provides tools to equipment manufacturers which ensure that Google's privacy and security standards aren't hampered.

One of Google's spokespersons also mentioned that clear policies regarding pre-installed applications are given to its partners, and that information about potential hazards is regularly disseminated to them.

The issue of pre-installed apps has now drawn heavy attention. The US Department of Justice dug into Facebook. Partnerships are also being looked into.

Most of the Antivirus Android Apps Ineffective and Unreliable



A report published by AV-Comparatives, an Austrian antivirus testing company, found that the majority of anti-malware and antivirus applications for Android are untrustworthy and ineffective.

While surveying 250 antivirus applications for Android, the company discovered that only 80 of them detected more than 30% of the 2,000 harmful apps they were tested with. Moreover, a lot of them showed considerably high false alarm rates.

The detailed version of the report showcased that the officials at AV-Comparatives selected 138 companies which are providing anti-malware applications on Google Play. The list included some of the most well-known names like Google Play Protect, Falcon Security Lab, McAfee, Avast, AVG, Symantec, BitDefender, VSAR, DU Master, ESET and various others.

ZDNet noted that the security researchers at AV-Comparatives resorted to manual testing of all the 250 apps chosen for the study instead of employing an emulator. The process of downloading and installing these infectious apps on an Android device was repeated 2,000 times which assisted the researchers in concluding the end result i.e., the majority of those applications are not reliable and effective to detect malware or virus.

However, the study conducted by AV-Comparatives also highlighted that some of the offered antivirus applications can potentially block malicious apps.

As some of the vendors did not bother to add their own package names to the whitelist, the associated antivirus apps detected themselves as infectious. Meanwhile, some of the antivirus applications were found to use wildcards in their whitelists to allow any package whose name starts with a prefix like "com.adobe", which can easily be exploited by hackers to breach security.

On the safer side, Google's Play Protect provides protection from viruses on Android by default. Despite that, some users opt for anti-malware apps from third-party app stores or other unknown sources, which affects the safety of their devices.

The presence of malicious apps on Google Play was also noticed in the past and with the aforementioned study, Android is becoming an unsafe mobile platform.
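Both whitelist failures described above, shown next to a stricter check, as an added example that is not code from AV-Comparatives or from any of the tested vendors. The package names, certificate bytes, and the idea of pinning each exact package name to its signing-certificate digest are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data: package names and certificate bytes are made up.
PUBLISHER_CERT = b"constructed-publisher-signing-cert"
SCANNER_CERT = b"constructed-scanner-vendor-signing-cert"
UNKNOWN_CERT = b"constructed-unknown-signing-cert"


def cert_digest(cert_der: bytes) -> str:
    """SHA-256 of the signing certificate, the value a pinned entry stores."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass(frozen=True)
class InstalledApp:
    package: str
    signer_sha256: str


# Weak form described in the report: trust anything under a name prefix,
# and the scanner's own package is missing from the list.
PREFIX_ALLOWLIST = ["com.adobe*"]

# Stricter form (an assumption of this example): exact name -> allowed signers.
# The scanner's own package is listed so it never flags itself.
PINNED_ALLOWLIST = {
    "com.adobe.sampleviewer": {cert_digest(PUBLISHER_CERT)},
    "com.example.avscanner": {cert_digest(SCANNER_CERT)},
}


def prefix_trusted(app: InstalledApp) -> bool:
    for pattern in PREFIX_ALLOWLIST:
        if pattern.endswith("*"):
            if app.package.startswith(pattern[:-1]):
                return True
        elif app.package == pattern:
            return True
    return False


def pinned_trusted(app: InstalledApp) -> bool:
    signers = PINNED_ALLOWLIST.get(app.package)
    return signers is not None and app.signer_sha256 in signers


def verdict(app: InstalledApp, heuristics_hit: bool, trusted) -> str:
    """An allowlisted app skips scanning; everything else follows heuristics."""
    if trusted(app):
        return "skipped"
    return "flagged" if heuristics_hit else "clean"


# (label, app, whether the scanner's heuristics fire on it); all constructed.
SAMPLES = [
    ("genuine", InstalledApp("com.adobe.sampleviewer",
                             cert_digest(PUBLISHER_CERT)), False),
    ("lookalike", InstalledApp("com.adobe.sampleviewer.free",
                               cert_digest(UNKNOWN_CERT)), True),
    ("repackaged", InstalledApp("com.adobe.sampleviewer",
                                cert_digest(UNKNOWN_CERT)), True),
    # A scanner ships malware signatures, so its own heuristics fire on it.
    ("scanner_itself", InstalledApp("com.example.avscanner",
                                    cert_digest(SCANNER_CERT)), True),
]


def compare() -> dict:
    """Return {label: (verdict with prefix list, verdict with pinned list)}."""
    return {
        label: (verdict(app, hit, prefix_trusted),
                verdict(app, hit, pinned_trusted))
        for label, app, hit in SAMPLES
    }


if __name__ == "__main__":
    for label, (weak, pinned) in compare().items():
        print(f"{label:15} prefix={weak:8} pinned={pinned}")
```

With the prefix list, the lookalike and the repackaged app are never scanned and the scanner flags itself; with pinned entries, only the genuine app and the scanner are skipped.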



Google updates Google Play Protect


Google has made some significant changes to Google Play Protect for protecting Android users from unwanted and malicious apps.

The company launched the Google Play Protect feature in 2017. It performs the following functions:


  •  It runs a safety check on apps before users download them from the Google Play Store.
  •  It also checks for potentially harmful apps from other sources.
  •  It warns about and detects potentially harmful apps, and removes malicious apps from your device.
  •  It warns about apps that violate Google's Unwanted Software Policy by hiding or misrepresenting important information.


In a blog post, Google said that Google Play Protect protects over 2 billion devices every day.

"Google Play Protect is the technology we use to ensure that any device shipping with the Google Play Store is secured against potentially harmful applications (PHA)," stated Google's blog post. "It is made up of a giant backend scanning engine to aid our analysts in sourcing and vetting applications made available on the Play Store, and built-in protection that scans apps on users' devices, immobilizing PHA and warning users."

Google has enabled Google Play Protect by default for all Google Play users, but a user can also confirm that Google Play Protect is enabled by going into the Play Store, tapping, and tapping Play Protect.

Threatening Frailty in the Indian Mobile Security



Compromising your phone has become quite an easy task for hackers these days, as they can do so without much hard work. Numerous ways are already available: hackers can change passwords and get access to confidential corporate and private data on your phone, or they can install malicious code on your phone that allows them to read your messages, access your photos or even turn on your microphone.

In other words, once hackers access your device, they can easily use your microphone or camera to record you, and thanks to GPS, they’ll even get to know your location.

Companies that make operating systems (OS) for mobile phones plug known vulnerabilities and loopholes by periodically updating their operating systems, releasing newer versions and issuing security patches.

But in the case of Android, there exists a unique problem. Android is a foundational OS: when it releases an update or a security patch, it’s unclear who is responsible for updating the OS that’s actually running on the device.

There are hundreds of companies that are currently making Android based devices and selling more than 60,000 models worldwide. It’s a complex ecosystem, with no one quite tracking the updates and vulnerabilities.

A third of the Android phones in India are running a version of the OS released in March 2015 or before. This now leaves some 300 million smartphone users in India potentially vulnerable.
Nobody presently knows how they are using the internet and what applications are being installed on these devices. They are also likely to be less careful about sharing information with application developers. Most terms and conditions that users consent to tend to be in English. That in itself is reason enough to assume that numerous Indian mobile users are consenting to things without quite understanding what they are consenting to.

Saket Modi, the CEO of Lucideus Tech as well as a well-known ethical hacker says,
“It is relatively harder to install malware on Apple’s iPhones as to install a hacking app on an iPhone, you need the unique device identifier — a sequence of 40 letters and numbers, which can only be accessed by connecting the phone to a computer via Apple’s iTunes software. It is far easier however to install an app from an unknown source on an Android phone than on an iPhone,”

According to data aggregated by Lucideus, Android (all versions combined) has 1,855 known vulnerabilities, compared with 1,495 for iOS.

The outdated privacy laws in India add to the troubles of mobile phone users. Shiv Putcha, founder of telecom consultancy Mandala Insights, says:

 “In India, the regulations are weak at best, you don’t have a privacy law, no regulations around data storage or access to private data. If they (mobile phone makers and service providers) aren’t storing data here, how can we be sure how secure our data is?”

Nevertheless, the government did respond to this issue by highlighting the need for a strong data protection law, along the lines of the General Data Protection Regulation (GDPR) in the EU, and has even set up a committee to look into it.


According to Google, in 2017 India still ranked third among the major Android markets for the percentage of phones with potentially harmful applications (PHAs), with 1% of the total Android phones in the country affected. The figure had dropped by a third from 2016, but Google still says that devices that install apps from outside the Google Play app store are nine times more likely to have PHAs.





Spotify warns users using hacked apps to access premium for free

Spotify, the online music streaming service that had only just filed for an initial public offering (IPO) for later this month, is now cracking down on users who are using unauthorised or modified versions of the Spotify app to access Premium features for free.

These hacked apps allow freeloaders to skip songs indefinitely and enjoy ad-free streaming — features that are only available for premium users.

The free version of Spotify has certain restrictions such as advertisements, shuffle-only play, skipping restrictions, and such that encourage users to buy premium. These modified versions of Spotify make premium redundant by letting users enjoy unrestricted streaming with the help of installation files that can be downloaded alongside the app.

Spotify is sending an email to users in whose accounts it identifies any “abnormal activity”, warning that future breaches could result in suspension or even termination of their Spotify account.



According to the email, to regain access to their account, a user has to simply uninstall the hacked or modified Spotify app and redownload the official app from Google Play Store.

It has not been revealed how many users reportedly use these versions to enjoy restriction-free streaming for free. According to figures released by the company in December, the service itself is used by more than 159 users around the world — 88 million of which are users of the free tier of Spotify.

Considering the company’s current losses, it is not surprising that they are finally addressing the issue.

The AirDroid Lesson: Don't let apps take over your life

The popular Android app AirDroid, which lets users organize their lives by providing the remote ability to send text messages, edit files, manage other apps and perform GPS tracking, suffers from a serious authentication flaw which allows attackers to take control over a user's activities.

The flaw can be exploited to take photos of the victim via the phone’s camera, track the victim via GPS or harass the victim’s friends and family via contacts. Anything that the app has permission to access can be accessed by the remote attacker.

The mode of attack is very simple: the attacker sends an innocent-looking link to the user which, if clicked, leads to the attacker's webpage. The attacker thus assumes control over the user's phone and can activate the phone's camera to take photos of the user and taunt the user.

This bug has since been fixed, but the security risk it posed raises questions about how much an app should be permitted to know.

Often, for the sake of convenience, we offer personal information to apps, thus compromising our security. The long list of permissions that an app asks for is also cumbersome for many users to scan through, and they just hit agree. One never knows how many vulnerabilities are lurking in the apps we freely download and use, and how those vulnerabilities can be exploited to take over our daily activities. One must be careful about what one agrees to during installation.

Constant vigilance is the key.

Yahoo! app vulnerability could be behind 'Android botnet'



Earlier this month, Microsoft engineer Terry Zink said he discovered spam was being sent from compromised Yahoo accounts from what looked like an international Android spam botnet.

He stated that the messages all come from Yahoo Mail servers. They are all from compromised Yahoo accounts. They are sending all stock spam, the typical pump and dump variety that we’ve seen for years. Furthermore, they all have the 'Sent from Yahoo! Mail on Android' text at the bottom of their spam.


Google, however, disputed that the spam was sent from an Android botnet, stating that the spammers behind this may have used infected PCs and a fake mobile signature in an attempt to bypass email filters.

Security researchers at Lookout have identified a security hole in the Yahoo! Mail app for Android, which they believe to be responsible for the so-called mobile spam botnet. Today, Trend Micro experts have confirmed the existence of the vulnerability.

They couldn’t say precisely whether the vulnerability is in fact responsible for the spam sent out from mobile phones, but the fact that they independently point to the same weakness as a possible cause makes this scenario even more plausible.


The vulnerability discovered by the researchers allows an attacker to gain access to a user’s Yahoo! Mail cookie.

This bug stems from the communication between Yahoo! mail server and Yahoo! Android mail client. By gaining this cookie, the attacker can use the compromised Yahoo! Mail account to send specially-crafted messages. The said bug also enables an attacker to gain access to user’s inbox and messages.

Spyware masquerades as greeting-sending app and steals your mobile info


New Year coming up, there's naturally a lot of well wishes and holiday greetings being messaged around. Looks like somebody's decided to join in (a little late) — and also do a bit of data harvesting at the same time.

F-Secure researchers have spotted a malware application that masquerades as a greeting-sending application that lets you send witty/sweet/funny messages to your contacts. On execution, it displays a list of text messages that fall into different categories: new year wishes, friendship, love and jokes.

When the user selects one of the messages, the app shows a dialog box asking for the next action: Contact, Edit or Cancel.

If Contact is chosen, the app tries to read the stored contact data. Presumably, it needs to know to whom to send the message.

Researchers tested the application on a test phone that has bogus contacts present; no text message was sent then either — AdBoo only produces a dialog box with the message "Sending fail".

When analyzing the app, researchers noticed that the app did do something else though. On selecting the Contacts options, it silently obtained the following information from the device:

1) Phone Model
2) Android Version
3) Phone number
4) International Mobile Equipment Identity (IMEI) number

The harvested details are then forwarded to a remote server.

Incidentally, looking at the certificate for this variant of AdBoo, it appears to be from the same developer as Zsone.A.

DroidSheep ~ one-click session hijacking using your android smartphone

What is this about?
If you know Firesheep or Faceniff, you probably know what this is about – one-click session hijacking using your Android smartphone or tablet computer.

If you do not know one of these tools, I’ll try to explain what DroidSheep is.

Maybe you know Bob. Bob is a well-known person and Bob loves coffee. Every morning, he takes his laptop and visits one of the famous green coffee bars, has a “grande vanilla latte” and writes messages to his Facebook friends. For doing that, Bob uses the coffee bar's WiFi – because it's free and fast.

One morning, while Bob is writing a message to his girlfriend, Eve enters the coffee bar. Eve has an Android phone and Eve uses DroidSheep. After ordering a “venti caramel macchiato”, Eve sits down, takes her phone and starts browsing Facebook. Using Bob's identity. She can look at his friends. Read his messages. Write messages. Write wall posts. Remove friends. Delete Bob's account. Without ever getting in touch with Bob.


What happened?

When Bob is using the WiFi, his laptop sends all the data intended to be received by Facebook over the air to the coffee bar's wireless router. As “over the air” means “capturable by everybody”, Eve (or her phone) can read all the data sent by Bob. As some data is encrypted before being sent, she cannot read Bob's Facebook password, but in order not to make Bob enter his password after each click, Facebook sends Bob a so-called “session id” after logging in, which Bob sends with each interaction, making it possible for Facebook to identify Bob. Usually only Bob knows this id, as he receives it encrypted. But when Bob uses the coffee bar's WiFi, he spreads his session id over the air to everybody. So Eve takes this session id and uses it as hers – and Facebook cannot determine whether Bob or Eve is using this id.

DroidSheep makes it easy to use for everybody. Just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click. That's it.


What do you need to run DroidSheep?
- You need an Android-powered device, running at least version 2.1 of Android
- You need root access on your phone (link)
- You need DroidSheep :-) (You can get it in the “GET IT” section)

DroidSheep now supports nearly all websites using cookies!
With version 5, DroidSheep got the new “generic” mode! Simply enable it, and DroidSheep will capture all accounts in the network!!
Successfully tested with ALL already supported accounts and a lot of other ones (even all WordPress and Joomla pages should work!!)


Which pages does DroidSheep support?
- amazon.de
- facebook.com
- flickr.com
- twitter.com
- linkedin.com
- yahoo.com
- live.com
- google.de (only the non-encrypted services like “maps”)



Limitations
DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks.
For WPA/WPA2 it uses a DNS-Spoofing attack.
DNS-Spoofing means it makes all devices within the network think the DroidSheep device is the router, so that they send their data to the device. This might have an impact on the network and cause connection problems or bandwidth limitations – and it can be spotted. DroidSheep's attack cannot, as it only reads the packets sent over the WiFi, but instead of dismissing them, it uses the data :-)

How does this work?
When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action you do, most web applications use sessions where you need to log in once. A session is identified by a session token, which is in the possession of the user and is sent together with every subsequent request within the HTTP packets.
DroidSheep reads all the packets sent via the wireless network and captures this session token, which allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you’re the correct person or not.
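The server-side condition that makes a session token readable on a shared network can be checked from response headers. The following audit is an added example, not part of DroidSheep or the original post; the header samples are constructed, and the cookie name `sessionid` and the finding codes are assumptions.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_response(scheme, headers, session_names):
    """Report why a session cookie in this response could cross the network
    in cleartext. Returns a list of (cookie name or '*', finding code)."""
    findings = []
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(header_value)
        if name not in session_names:
            continue
        if scheme != "https":
            # The token itself just travelled unencrypted.
            findings.append((name, "SET_OVER_HTTP"))
        if "secure" not in attrs:
            # The browser will attach it to any later http:// request.
            findings.append((name, "NO_SECURE_FLAG"))
    if scheme == "https" and not has_hsts:
        # Nothing forces the browser to stay on HTTPS for this host.
        findings.append(("*", "NO_HSTS"))
    return findings


# Constructed sample responses (scheme, headers); not captured traffic.
LOGIN_OVER_HTTP = ("http", [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
])
HTTPS_WEAK = ("https", [
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "theme=dark"),
])
HTTPS_HARDENED = ("https", [
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000"),
])

if __name__ == "__main__":
    for label, (scheme, headers) in [("login over http", LOGIN_OVER_HTTP),
                                     ("https, weak", HTTPS_WEAK),
                                     ("https, hardened", HTTPS_HARDENED)]:
        print(label, audit_response(scheme, headers, {"sessionid"}))
```

A site whose responses produce no findings never sends the session token outside TLS, which removes what a passive listener on the same WiFi would capture.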

DroidSheep is NOT INTENDED TO STEAL IDENTITIES.
It shall show the weak security properties of big websites just like Facebook. Please be always aware of what you’re doing.
I AM NOT RESPONSIBLE FOR ANY DAMAGES THAT HAPPEN BY USING THIS SOFTWARE!


HowTo use.
Using DroidSheep is really simple
Before you start — Make sure your phone is ***ROOTED***
DroidSheep will not work without Root-Privileges! If it is not, try THIS
Installation:
There are two possible ways to install DroidSheep:
  • One of the Android Markets (Google, AppBrain, …) — Simply search for DroidSheep and install the application
  • Download it from the “GET-IT” section using your phones browser and open the file — your phone should ask for installing the app.




Free AVG Mobilation Application for Android ~ Anti Malware



As Android becomes popular, malware for Android mobiles has started to increase rapidly. To provide mobile security, AVG released the AVG Mobilation app for Android. There are two versions available, Free and Pro. They offer the full "pro" version with a value of around € 7

AVG Pro
"AVG Pro Mobilation" scans individual applications and media files on Android for viruses. In addition, you can locate your cell phone using GPS on a Google Map. This is especially handy if you have lost your Android device or it has been stolen. However, you must register your device in advance in the app via an e-mail address.

The security app also allows you to create backups in order to recover critical applications and data at any time. This service is still in beta phase. You can also use "AVG Pro Mobilation" to delete individual tasks that reduce the speed of your mobile phone.

How safe is AVG Pro Mobilation
Exclusive to the Pro version of the AVG Mobilation app, you also receive protection from virus-infected messages. You can also block spam messages with the app.

The anti-virus feature is updated regularly, of course. New features in this version, however you will not be recorded via an update - unless you purchase "AVG Pro Mobilation" later bought.

AVG Anti-virus Free
"AVG Anti-Virus Free" scans individual applications and media files on Android for viruses. In addition, you can locate your cell phone using GPS on a Google Maps map. This is especially handy if you have lost your Android device or it has been stolen.

The free app also allows you to create backups in order to recover critical applications and data at any time. You can also use "AVG Anti-Virus Free" to delete individual tasks that reduce the speed of your mobile phone.

Get Free version from Here.