Oh, look: More malware in the Google Play store


In brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than 1 million times.

The apps come from developer Mobile apps Group, and are infected with the Trojan known as HiddenAds, said security shop Malwarebytes. It analyzed one of Mobile apps Group's products, Bluetooth Auto Connect, which ostensibly does what its name suggests but also much more.


According to Malwarebytes, once installed the app waits for a few days before it starts behaving maliciously. Once it takes action, the app begins opening phishing sites in Chrome that range from harmless pay-per-click spam to sites telling users to download updates or take action because their device has been infected.

"As a result, unlocking your phone after several hours means closing multiple tabs," Malwarebytes' Nathan Collier said.

Interestingly, the malware in Mobile apps Group's .APKs was removed twice – in January 2021 and again the next month – when the developer uploaded clean versions of Bluetooth Auto Connect before adding the malware back in a later update.

Collier believes the developer was likely caught by Google, leading to the clean uploads. Despite that, he notes that the last clean version was published on October 21, 2021, with a new malware-infested version added to Google Play in December of last year.

"Now on version 5.7, that malicious code remains to this date. A tally of over 10 months with malicious code on Google Play. Perhaps it's time to say three strikes and you're out to Mobile apps Group," Collier said.

Google Play has a history of hosting malicious apps, with perhaps one of the most egregious cases coming to light this past July, when 60 apps installed by more than 3.3 million users were taken down due to malware.

This isn't even the first time the HiddenAds Trojan has been found on Google Play: it was spotted on the store in 2020, while in 2021 a popular barcode scanning app installed on over 10 million devices was updated to add HiddenAds (a case also researched by Collier).

Google has also been accused of failing to police malware pre-loaded onto cheap Android devices, which more than 50 advocacy groups called the company out for in 2020.

Software supply chain attack hits US news media

Proofpoint Threat Research is warning that more than 250 local and regional US newspaper websites have been accessing and serving malicious code to readers following a software supply chain attack.


The group responsible is believed to be TA569, aka SocGholish, Proofpoint said in a Twitter thread. The group reportedly compromised an unnamed media company that serves JavaScript ads and videos to news sites across the country "by modifying the codebase of this otherwise benign JS."

Proofpoint has tracked TA569 for several years, and in 2020 warned that it was performing similar attacks via HTML injections and CMS compromises. According to Proofpoint, the end goal is an infection with SocGholish malware, which masquerades as an update file for Firefox and other web browsers.

Only the infected media companies serving the ads have the actual tally showing how widespread the harm is, Proofpoint said, adding that compromised sites were found serving Boston, New York, Chicago, Washington, DC and other metro areas.

Proofpoint said TA569 regularly removes and adds new malicious code, "therefore the presence of the payload and malicious content can change from hour to hour," making this one difficult to detect, too.
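The hour-to-hour churn Proofpoint describes is exactly what defeats a one-off scan of a third-party script. The following is an added example (not Proofpoint's tooling or anything from the page) showing the defender-side check a site operator can run: hash successive snapshots of a vendor script against a known-good baseline, report which snapshot deviates, and emit the Subresource Integrity value that would let a browser refuse a tampered copy. The script text, timestamps and the "injected" block are all constructed stand-ins; nothing here is real SocGholish code.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# Constructed baseline: the ad loader exactly as the vendor is assumed to ship it.
BASELINE_JS = "window.adsLoader = function(slot){ /* vendor code */ return slot; };\n"

# Constructed hourly snapshots of the same script URL. The 11:00 copy carries an
# appended block standing in for attacker-modified code; 10:00 and 12:00 are clean,
# which is what "changes from hour to hour" looks like to a single scan.
SNAPSHOTS: List[Tuple[str, str]] = [
    ("2022-11-02T10:00", BASELINE_JS),
    ("2022-11-02T11:00", BASELINE_JS + "/* constructed injected block */\n"),
    ("2022-11-02T12:00", BASELINE_JS),
]


def sha256_hex(content: str) -> str:
    """Fingerprint a script body; used to compare snapshots to the baseline."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def sri_integrity(content: str) -> str:
    """Value for an HTML integrity= attribute (SRI, sha384, base64 digest).

    Only useful when the vendor script is static: a loader that legitimately
    changes would break under a pinned hash, so pair it with an allow-list of
    known-good versions instead of a single pin.
    """
    digest = hashlib.sha384(content.encode("utf-8")).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


@dataclass
class Finding:
    when: str          # snapshot timestamp
    modified: bool     # True when the body no longer matches the baseline
    added_bytes: int   # size delta versus baseline (negative if content was removed)


def audit_snapshots(baseline: str, snapshots: List[Tuple[str, str]]) -> List[Finding]:
    """Compare every captured copy of the script with the known-good baseline."""
    baseline_hash = sha256_hex(baseline)
    findings = []
    for when, body in snapshots:
        findings.append(
            Finding(when=when,
                    modified=sha256_hex(body) != baseline_hash,
                    added_bytes=len(body) - len(baseline))
        )
    return findings


def scan_at(findings: List[Finding], when: str) -> bool:
    """What a point-in-time scan would conclude: True only if that snapshot was modified."""
    return any(f.modified for f in findings if f.when == when)


def modified_windows(findings: List[Finding]) -> List[str]:
    """Timestamps at which the script differed from baseline."""
    return [f.when for f in findings if f.modified]


if __name__ == "__main__":
    results = audit_snapshots(BASELINE_JS, SNAPSHOTS)
    for f in results:
        print(f"{f.when}  modified={f.modified}  delta={f.added_bytes:+d} bytes")
    print("single scan at 12:00 would report:", scan_at(results, "2022-11-02T12:00"))
    print("windows with tampering:", modified_windows(results))
    print("SRI value for the clean baseline:", sri_integrity(BASELINE_JS))
```

Running it shows the 12:00 scan coming back clean even though the 11:00 copy was tampered with, which is why continuous capture and comparison, rather than a scheduled daily check, is the appropriate control for third-party scripts that an outside party can rewrite at will.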

Nearly half of US government employees use out-of-date mobile devices

Just under half the mobile devices used by US civil servants at all levels of government are running out-of-date OSes, according to a study examining telemetry from more than 200 million devices.

According to security firm Lookout, this includes US federal, state and local employees using outdated versions of Android and iOS on their devices, with far worse numbers reported for Android.

Ten months after the release of Android 12, only 67 percent of federal devices and 54 percent of state/local devices were running the up-to-date version. Android 11 was on about 15 percent of devices at all government levels, while more than 10 percent of state and local devices were still running Android 9.

The only large group of iOS devices not running iOS 15 (the newest version during the study period) were state and local devices, about a quarter of which were still running iOS 14 ten months after the iOS 15 release.

But cybercriminals bent on accessing government devices are turning away from malware and toward simple credential harvesting, meaning those outdated OSes might not be to blame for threat actors gaining a foothold in US government agencies.

Around 50 percent of phishing attacks on government employees attempted to steal credentials, up from about a third the year prior, Lookout said. One bit of good news from the study is that government employees appear to be learning their lesson from being phished.

"Well over 50 percent of federal, state, and local employees who received a notification that they had clicked on a phishing link did not click on a subsequent mobile phishing link." ®