Fresh Android Threat — Google just pulled all these ‘malicious’ games out of the Play Store
“I truly feel,” Aviran Hazum of Check Point tells me, “that this shows the potential of criminal actors to change and resolve existing obstacles to accessing a wider market by infiltrating Google Play and overcoming Google’s review method. These two malware families together (Haken and Tekya) show Google Play’s ability to guard against the detection of malware by native code.”
Android users are now being warned that 66 apps used this native-code technique to beat the scanning in Google’s Play Store, apps that were installed more than a million times. Worse still, 26 of those apps were aimed at kids — racing games, guessing games and games with chefs. The rest were utilities — translators, calculators, ebook readers — conveniences that are easy to live without.
According to Check Point, Google deleted the compromised applications after the firm published its results. The remainder were removed by the malware operator himself when, so to speak, he knew the game was up. Google did not comment on the malware, but reported that all the applications have been pulled from the Play Store. Those apps are listed below — uninstall them now if you have any installed.
All 66 applications were designed to commit ad fraud, essentially faking clicks to produce a healthy profit for their developers at the expense of advertisers. Those 66 applications alone have the ability to generate millions in revenue, according to Check Point. And these applications blend straight into the mainstream, viewing “posts and banners from companies such as Google’s AdMob, AppLovin, Twitter, and Unity.”
The malware operates by abusing Android’s “MotionEvent” mechanism to imitate the actions of a person, tricking the ad into registering a click. “VirusTotal and Google Play Safe went undetected in the Tekya malware collection,” says Check Point. The malware’s operators decompiled and cloned real, popular apps, which were then renamed and put back on the store with the adware included.
“There’s nothing wrong with native code,” states Hazum, “except in this situation the entire malicious code within Tekya is in the native language. JavaScript is used in most programs, storing several instructions and APIs. Native technology doesn’t have all that — it’s a script of lesser quality. A review of native technology is much easier. As all of Tekya’s malicious code is native code. This could disable Google Security.”
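An added example, not taken from Check Point's research or from this article: a defender's triage pass over an APK's native libraries, looking for the JNI strings a library needs in order to construct MotionEvent objects itself rather than just read them. It assumes the strings are not obfuscated; the marker set, the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Assumption: JNI looks up Java classes and methods by name, so an unobfuscated
# native library carries those names as plain byte strings.
MARKERS = {
    "motionevent_class": b"android/view/MotionEvent",
    # JNI signature of MotionEvent.obtain(long, long, int, float, float, int)
    "obtain_signature": b"(JJIFFI)Landroid/view/MotionEvent;",
}
ELF_MAGIC = b"\x7fELF"


def triage_apk(apk):
    """Map each native library in an APK to the sorted markers found in it.

    `apk` is a path or file-like object. An APK is a ZIP archive whose native
    libraries live under lib/<abi>/*.so.
    """
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = zf.read(name)
            if not data.startswith(ELF_MAGIC):
                findings[name] = ["not_elf"]  # .so that is not a shared object
                continue
            findings[name] = sorted(k for k, v in MARKERS.items() if v in data)
    return findings


def needs_review(hits):
    """Flag libraries that build touch events themselves or are not ELF."""
    return "obtain_signature" in hits or "not_elf" in hits


def build_sample_apk():
    """Constructed sample archive: fake .so files, not real apps or malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("lib/arm64-v8a/libengine.so",
                    ELF_MAGIC + b"\x00android/view/MotionEvent\x00getX\x00")
        zf.writestr("lib/arm64-v8a/libhelper.so",
                    ELF_MAGIC + b"\x00(JJIFFI)Landroid/view/MotionEvent;\x00")
        zf.writestr("lib/arm64-v8a/libdata.so", b"\x00\x01opaque")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for lib, hits in triage_apk(build_sample_apk()).items():
        print(lib, hits, "REVIEW" if needs_review(hits) else "ok")
```

A hit is a reason to open the library in a disassembler, not a verdict: game engines legitimately reference MotionEvent to read input, which is why only the event-construction signature and non-ELF files are flagged.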
“It once again highlights that the Google Play Store will still host malicious software,” warns Check Point. “The store has nearly 3 million applications available, with hundreds of new applications added daily — making it impossible to verify if any single app is free. Users cannot rely on security measures taken by Google Play alone to ensure their devices are secured.”
Adware like this is frequently dismissed as more of an annoyance than a hazard. But a bad app is a bad app, and you’re vulnerable if there’s a loophole open on your device. A few weeks ago, Google removed a large batch of apps that it believed were perpetrating exactly such fraud, many of which belonged to a Chinese developer identified as one. It is obviously a significant problem because identifying security holes is a challenge for disruptive actors.
“If they only change their native code they can do whatever they want,” warns Hazum, “from clickers to banks to MRATs (Trojan smartphone remote access). It is sponsored by the Ecosystem. Unless Google Play’s present condition is the same we’ll see more malware moving to those techniques.”
Only a few days earlier, Google revealed that its platforms’ higher-profile users, all of whom are registered in its Advanced Security Plan, will no longer be able to install applications from any source bar the Play Store. Reports like this one show that even with these safeguards, threats still exist. Users are also responsible for taking care over what they download, avoiding frivolous apps, like, it seems, games for kids.
The list of infected games for kids is here:
And here’s the list of compromised utility apps: