Wed. Sep 11th, 2024

Fresh Android Threat: Google just pulled all these ‘malicious’ games out of the Play Store

“I truly feel,” Aviran Hazum of Check Point tells me, “that this shows the potential of criminal actors to change and resolve existing obstacles to accessing a wider market by infiltrating Google Play and overcoming Google’s review method. These two malware families together (Haken and Tekya) show Google Play’s ability to guard against the detection of malware by native code.”

Android users are now being warned that 66 apps, installed more than a million times, used this native-code technique to beat the scanning program in Google’s Play Store. Even worse, 26 of those apps were aimed at kids: racing games, guessing games and games with chefs. The rest were utility apps (translators, calculators, ebook readers), amenities that are easy to live without.

According to Check Point, Google deleted all of the compromised applications after it published its results. The remainder were removed by the malicious actor himself once, so to speak, he knew the game was up. Google had no comment on the malware, but reported that all the applications were pulled from the Play Store. Those apps are listed below; uninstall them now if you have any installed.

All 66 applications were designed to commit ad fraud: fake clicks that produce a healthy profit for their developers at the expense of advertisers. Those 66 applications alone have the ability to generate millions in revenue, according to Check Point. And these applications blend straight into the mainstream, viewing “posts and banners from companies such as Google’s AdMob, AppLovin, Twitter, and Unity.”

The malware operates by manipulating Android’s “MotionEvent” mechanism, imitating the actions of a person and tricking the ad into believing it has been clicked on. “VirusTotal and Google Play Safe went undetected in the Tekya malware collection,” says Check Point. The malware’s operators decompiled and cloned real, popular apps, which were then renamed and uploaded back to the store with the adware included.

“There’s nothing wrong with native code,” states Hazum, “except in this situation the entire malicious code within Tekya is in the native language. Javascript is used in most programs, storing several instructions and APIs. Native technology doesn’t have all that, it’s a script of lesser quality. A review of native technology is much easier. As all of Tekya’s malicious code is native code, this could disable Google Security.”
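A static triage check for the pattern described above, native libraries inside an APK that reference Android's MotionEvent API, written as an added example (not Check Point's or Google's code). The marker strings are assumptions about what JNI code needs in order to build and dispatch touch events, not published Tekya indicators, and the sample APKs are constructed in memory.

```python
import io
import zipfile

# Assumed markers: the JNI class path and the View method name that native
# code must carry as strings to create and dispatch synthetic touch events.
MARKERS = (b"android/view/MotionEvent", b"dispatchTouchEvent")


def native_touch_markers(apk_bytes):
    """Map each lib/<abi>/*.so entry in the APK to the markers it contains."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue  # only native libraries are of interest here
            blob = apk.read(name)
            hits = [m.decode() for m in MARKERS if m in blob]
            if hits:
                findings[name] = hits
    return findings


def is_suspicious(findings):
    """Flag an APK only if one library holds every marker together."""
    wanted = {m.decode() for m in MARKERS}
    return any(wanted <= set(hits) for hits in findings.values())


def build_sample_apk(lib_payload):
    """Constructed test input: a minimal zip laid out like an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("lib/arm64-v8a/libexample.so", lib_payload)
    return buf.getvalue()


# Constructed payloads, not real binaries.
CLICKER_LIB = b"\x7fELF..android/view/MotionEvent\x00dispatchTouchEvent\x00"
BENIGN_LIB = b"\x7fELF..png_read_image\x00inflate\x00"

if __name__ == "__main__":
    for label, payload in (("clicker-like", CLICKER_LIB), ("benign", BENIGN_LIB)):
        found = native_touch_markers(build_sample_apk(payload))
        print(label, is_suspicious(found), found)
```

A hit is a reason to look at the library by hand, not a verdict: legitimate native code can reference the same API, and encoded or runtime-built strings will not match.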

“It once again highlights that the Google Play Store will still host malicious software,” warns Check Point. “The store has nearly 3 million applications available, with hundreds of new applications added daily, making it impossible to verify if any single app is free. Users cannot rely on security measures taken by Google Play alone to ensure their devices are secured.”

Adware like this is frequently dismissed as being more of an annoyance than a hazard. But a bad app is a bad app, and you are vulnerable if there is a loophole open on your device. A few weeks ago, Google dumped a mass of apps that it believed were perpetrating exactly such fraud, many of which belonged to one identified Chinese developer. This is clearly a significant problem, since finding security holes is a challenge for malicious actors.

“If they only change their native code they can do whatever they want,” warns Hazum, “from clickers to banks to MRATs (Trojan smartphone remote access). It is sponsored by the Ecosystem. Unless Google Play’s present condition is the same we’ll see more malware moving to those techniques.”

Only a few days earlier, Google revealed that its platforms’ higher-profile customers, all of whom are registered in its Advanced Security Plan, will no longer be able to access applications from any stores bar the Play Store. Reports like this one show that even with these safeguards, threats still exist. Consumers are also responsible for taking care over what they download, excluding frivolous downloads like, it seems, games for kids.

The list of infected games aimed at kids is here:


And here’s the list of compromised utility apps:

