Advertisements

New Android Warning: These 15 Malicious Apps May Be Hiding On Your Phone—Uninstall Now

As the stories keep coming about malicious apps finding their way onto Google’s Play Store, one serious concern is the increasingly sophisticated efforts made by those apps to hide their intent from users. Well, the latest report from the team at Sophos has found 15 harmful apps that have gone a stage further—literally “hiding their app icons in the launcher… or disguising themselves in the phone’s App settings page.”

Put simply, apps have been found that trick users into installing them to perform a trivial service. The app disappears from view, but it is actually running, disguised under a system name, making it impossible to detect and stop without effort. Users are urged to specifically root these apps out, stop them, then delete them completely.

If the apps aren’t seen, then they won’t trigger user concerns and they become much more difficult to casually delete without making the effort to find them. That’s the theory. But now those apps have been exposed. Users have been warned.

Today In: Innovation

Yet again, these latest apps join the countless others delivering adware—generating fraudulent revenue for their operators. Let’s be clear, free apps that deliver ads in their unpaid versions might be irritating, but they’re not necessarily fraudulent. But here we are talking about apps designed to deliver ads—it’s their sole purpose. It is the direct opposite of free apps, the ads are the focus, the app itself a wraparound.

The 15 apps discovered and disclosed by Sophos have been installed on more than 1.3 million devices—that’s a lot of ads, a lot of fraudulent revenue. And this is likely the tip of the iceberg for this new “icon hiding” threat category. “If history is any indication,” Sophos warns, “there are likely many more waiting to be found.”

The “dirty tricks” pulled off by these apps include various ruses to hide away—either on install or shortly afterward, and installing two apps at once—a benign app that is visible as per normal, and a malicious app that remains hidden. Most phones these days have a wide range of legacy and unused apps—we don’t notice what’s there and how many of us ever purge our devices? That’s the social engineering taking place here—if the app can hide initially, it will likely hang around for some time.

“Nine of the 15 apps used deceptive application icons and names, most of which appeared to have been chosen because they might plausibly resemble an innocuous system app,” Sophos explained. But they cannot hide completely if you know what you’re looking for—and Android users are urged to check their phones for these apps—and if you find them, delete them. “The app icon is still visible in the phone’s ‘gear’ Settings menu, under Apps.”

Here are the 15 apps exposed by Sophos—you’ll notice the poor reviews, often a sign that an app of this kind is best avoided.

As so often with adware apps, most are designed around trivial utilities—QR readers and image editors, for example. “Most ironically,” Sophos reports, one of the malicious apps is designed “to scrub your phone of private data.” You couldn’t make this up. The mindset to download an app of unknown provenance for such a delicate purpose we won’t get into—the warnings here basically go without saying.

Once installed, the apps use innocuous names to ensure they don’t trigger suspicions. And, arguably, the most worrying finding is that all 15 apps appeared this year—that means there are still gaping holes in Play Store security and there are adware factories churning out such apps and pushing them into the public domain. Sophos believes that similarities in coding structure and user interfaces suggests this batch of apps might all be related, despite appearing to come from different publishers.

Sophos says that Google was notified about the apps and they seem to have been removed—the underlying threat and coding techniques will remain in other as yet unidentified apps in the store and the myriad apps likely still to come.

The package names of the 15 apps are here:

Andrew Brandt, a principal researcher at Sophos, warns that “while these apps have been removed from the Google Play Store, there may be others we haven’t yet discovered that do the same thing.”

Brandt also explains that if uses suspect an app might be hiding, or to check against the published list, “tap Settings, then Apps & Notifications. The most recently opened apps appear in a list at the top of this page. If any of those apps use the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names (‘Back Up,’ ‘Update,’ ‘Time Zone Service’) tap the generic icon and then tap ‘Force Stop’ followed by ‘Uninstall’.” Real system apps won’t offer an ‘uninstall’ option but will have a ‘disable’ option instead.

Ultimately, the usual advice applies here. Don’t download trivial utility apps because they seem nifty and free—they’re free for a reason. Even if the downside is simply unwanted ads, the fact is that malicious apps can often be hiding more dangers than that. Given how much private information we carry on our devices, don’t casually leave the backdoor open to anyone with a shiny app and a free install.

Follow me on Twitter or LinkedIn.

I am the Founder/CEO of Digital Barriers, supplying AI surveillance tech to defence, national security, counter-terrorism and critical infrastructure entities in the U.S., EMEA and Asia. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. I also focus on the balance of privacy and public safety. Contact me at zakd@me.com.

Source: New Android Warning: These 15 Malicious Apps May Be Hiding On Your Phone—Uninstall Now

714K subscribers
These are 20 dangerous Android Apps that trap users of Android smartphones to mine the various cryptocurrencies using their devices computing power. The security solutions company Sophos has identified malicious apps on the Google Play store and on a Russian download site called “Coandroid” that tap into a smartphones CPU to mine for cryptocurrency that can cause your device to overheat and become slow, which could also lead to permanent damage to your smartphone. Some of these apps are very popular. If you have them installed on your phone, you should uninstall them immediately. If you’re new, Subscribe! ▶ https://www.youtube.com/techgumbo Share This Video ▶ https://youtu.be/WfTaXq_mbvM “Android Apps” Series https://www.youtube.com/playlist?list… Those listed below with “Coandroid” next to their name are safe to download from the Google Play store. Do not download from the “Coandroid” website. 0:41 AIMP (Coandroid) 1:23 Block Strike (Coandroid) 1:45 Parkour Simulator 3D (Coandroid) 1:54 Skanvord 2:08 NeoNeonMiner 2:24 Others 2:46 Wrestling Apps CoinMiner and other malicious cryptominers targeting Android https://www.sophos.com/en-us/medialib… TechGumbo is a leading source for the technology that we use each day. Whether it’s discussing computer operating system tricks, the latest tips for your mobile phone, finding out about the newest gadgets, or letting you know about the best Android Apps for your smartphone, TechGumbo has boundless topics on technology for the astute YouTube viewer.

Advertisements

$3.2 Million From Cryptopia Hack Liquidated on Major Crypto Exchanges

The infamous Cryptopia hack of January 14, which led to over $16 million in stolen Ethereum (ETH) and ERC20 tokens, has been under close investigation by New Zealand police and specialists worldwide.Thanks to the open nature of cryptocurrencies on the blockchain, analysts and investigators have been successful in tracking the stolen crypto funds, leading major cryptocurrency exchanges to liquidate $3.2 million in stolen tokens on February 4…………

Source: $3.2 Million From Cryptopia Hack Liquidated on Major Crypto Exchanges

Blockchain Security Experts Claims That $2.5 Million is Stolen From Crypto Exchanges Daily

https://www.pivot.one/share/post/5c496d72016de70bb6160d37?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

Iceland: Figurehead in Bitcoin Miner Heist Jailed for More Than Four Years

An Icelandic man has received a four-and-a-half-year prison sentence for stealing Bitcoin mining equipment, local English-language news outlet Iceland Monitor reported Jan. 17. Sindri Þór Stefánsson, who in April 2018 boarded a flight to Stockholm from Reykjavik reportedly with a stolen passport, was subsequently arrested in Amsterdam and returned home. Stefánsson claimed he legally fled custody to Sweden. In court, Stefánsson, along with six accomplices, received a lengthy jail term.

Source: Iceland: Figurehead in Bitcoin Miner Heist Jailed for More Than Four Years

Malware Found on a Movie Downloaded via Torrent Steals your Crypto and Poisons your Search Results – Ethereum World News

The plans of the security researcher under with the twitter username 0xffff0800 to spend a relaxing movie night at home did not turn out as he expected since after downloading a movie from a torrent uploaded to The Pirate Bay, he found a new (and interesting) type of malware that almost infects his computer………

Source: Malware Found on a Movie Downloaded via Torrent Steals your Crypto and Poisons your Search Results – Ethereum World News

Bitcoin Continues Descent to $3600 as Hackers Steal 200 BTC from Electrum Wallet

https://www.pivot.one/share/post/5c259b1d595ce7158982996b?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

How Hackers Bypass Gmail 2FA at Scale – Joseph Cox

1.jpeg

If you’re an at risk user, that extra two-factor security code sent to your phone may not be enough to protect your email account. Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can login and steal the account. The news acts as a reminder that although 2FA is generally a good idea, hackers can still phish certain forms of 2FA, such as those that send a code or token over text message, with some users likely needing to switch to a more robust method.

“Virtually in that way they can bypass any token-based 2FA if no additional mitigations are implemented” Claudio Guarnieri, a technologist at Amnesty, told Motherboard in an online chat. 2FA is adding another layer of authentication onto your account. With token-based 2FA, you may have an app that generates a code for you to enter when logging in from an unknown device, or, perhaps most commonly, the service will send a text message containing a short code that you then type into your browser.

 

 

Donate us if you like

 

 

Here’s how to protect your bitcoin and ethereum from hacking

https://www.pivot.one/share/post/5c1f94ab016de74b6531f993?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

%d bloggers like this:
Skip to toolbar