A Trojan can pretend to be a useful utility for a whole year before it starts stealing your data

Carding

Google has published a fresh report on malicious apps in the Play Store.

Attackers are increasingly using a technique called versioning to evade Google Play malware detection and reach unsuspecting Android users.

“Campaigns that use versioning typically target user credentials, identity, and finances,” according to a recent report from the Google Cybersecurity Action Team (GCAT).

Although versioning is not a new technique, it is insidious because it is extremely difficult to detect. To use this method, an Android developer first uploads a harmless version of the application to Google Play, which easily passes all the necessary Google checks. Later, this version is updated and receives a malicious component from the attackers' server, effectively turning the application into a backdoor.

For example, in May of this year we reported on the malicious application “iRecorder”, which remained harmless for almost a year after being published on Google Play. Malicious changes were then secretly introduced to it to spy on users.

Another example is the well-known banking trojan SharkBot, which repeatedly made its way into Google Play under the guise of antiviruses and various system utilities. SharkBot initiated unauthorized money transfers from compromised devices, thereby shamelessly stealing from its victims.

"The version control threat demonstrates the need to apply defense-in-depth principles for enterprise customers, including but not limited to limiting application installation sources to only trusted sources such as Google Play, or managing enterprise devices using a mobile device management platform," Google said in a statement.

“Attackers can have multiple apps published on Google Play at the same time under different developer accounts, but only one will act as malicious. And when it is noticed and deleted, it will be replaced by a backup copy from another account,” the Dutch company ThreatFabric noted in June of this year.

According to experts, users should be vigilant and careful when installing updates, as they can turn a previously safe application into a backdoor for attackers.

To mitigate the risk, avoid downloading obscure applications from dubious publishers altogether, so that they cannot turn into a Trojan later. If you really do need such an application, study the latest reviews carefully first, and only then install it.

Also, make sure that Google Play Protect is enabled on your device, since it makes it more likely that malicious content will be caught.
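An added example (not from the original post or from Google's report): one way a device administrator could flag an update that changes what an app declares, by comparing the decoded manifest of the version that was reviewed with that of the update. The package name, both manifests, the version codes and the `SENSITIVE` list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Reviewer-chosen permissions that require re-approval (assumption of this example).
SENSITIVE = {"android.permission.RECORD_AUDIO", "android.permission.READ_SMS",
             "android.permission.REQUEST_INSTALL_PACKAGES"}

# Constructed sample: the harmless first release of a hypothetical app.
V1_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.screenrec" android:versionCode="10">
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application><service android:name=".CaptureService"/></application>
</manifest>"""

# Constructed sample: a later update of the same package.
V2_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.screenrec" android:versionCode="47">
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".CaptureService"/>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

def manifest_facts(xml_text):
    """Return (versionCode, declared permissions, declared services)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    services = {e.get(ANDROID + "name") for e in root.iter("service")}
    return int(root.get(ANDROID + "versionCode")), perms, services

def update_drift(old_xml, new_xml):
    """Report what the update declares that the reviewed version did not."""
    old_v, old_p, old_s = manifest_facts(old_xml)
    new_v, new_p, new_s = manifest_facts(new_xml)
    added = new_p - old_p
    return {"versions": (old_v, new_v),
            "added_permissions": sorted(added),
            "added_services": sorted(new_s - old_s),
            "needs_review": bool(added & SENSITIVE)}

if __name__ == "__main__":
    print(update_drift(V1_MANIFEST, V2_MANIFEST))
```

A manifest comparison only shows what the update declares; a component fetched from a server at run time does not appear in it, which is why the post's advice on Play Protect and trusted sources still applies.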
 