Real or Not? Google Pulls Security Apps
Friday, January 5, 2018 @ 01:01 PM gHale
Google yanked faux security apps from Google Play, after Trend Micro researchers discovered them.
While they looked like legitimate security solutions, occasionally misusing the names of AV vendors, the apps seemed to be doing the job.
They showed security notifications and other messages, warned users about malicious apps, and seemingly provided ways to fix security issues and vulnerabilities.
It was all a ruse. The apps used simple animations to trick users into believing the discovered issues were resolved.
The apps’ real goal was to hit users with ads and entice them to click on them, as well as to covertly collect information about the user, the device, the OS and the installed apps, track the user’s location, and upload all this information to a remote server.
Once installed on a target device, these fake apps, of which there were 36, had the ability to prevent themselves from appearing on the device launcher’s list of applications, and from showing an icon on the device’s screen.
“The excluded devices are: Google Nexus 6P, Xiaomi MI 4LTE, ZTE N958St and LGE LG-H525n. It is possible the malware developers knew that this tactic would not work on these devices, or they wanted to avoid being checked by Google Play during inspection periods,” Trend Micro researchers said in a post.
Users who downloaded and installed one of these apps were asked to agree to a EULA (end-user license agreement) that describes the information that will be gathered and used by the app.
The researchers released a list of app names, package names and SHA256 hashes of these fake security apps, so users can check whether they have installed one or more of them.
The list includes hashes for different versions of the same apps, most of which were found on Google Play. Trend Micro detects all of them, as the malicious apps, with small changes in their code, may also be distributed by third-party app stores or forums.