
Password Stealing Apps With Over A Million Downloads Found On Google Play Store


Even after so many efforts by Google, like launching a bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into the Play Store and infect people with malicious software.

The same happened yet again when security researchers discovered at least 85 applications in the Google Play Store that were designed to steal credentials from users of the Russian-based social network VK.com and were successfully downloaded millions of times.

The most popular of all masqueraded as a gaming app with more than a million downloads. When this app was initially submitted in March 2017, it was just a gaming app without any malicious code, according to a blog post published Tuesday by Kaspersky Lab.

However, after waiting for more than seven months, the malicious actors behind the app updated it with information-stealing capabilities in October 2017.

Besides this gaming app, the Kaspersky researchers found 84 such apps on the Google Play Store; most of them were uploaded to the Play Store in October 2017 and were stealing credentials of VK.com users.

Other apps that were highly popular among users include seven apps with between 10,000 and 100,000 installations and nine with between 1,000 and 10,000 installations; the rest had fewer than 1,000 installations.

Here’s How Cyber Criminals Steal Your Account Credentials:

The apps used an official SDK for VK.com but slightly modified it with malicious JavaScript code in an effort to steal users’ credentials from the standard login page of VK and pass them back to the apps.

Since these apps looked like they came from VK.com (for listening to music or for monitoring user page visits), requiring a user to log in to his/her account through a standard login page did not look suspicious at all.

The stolen credentials were then encrypted and uploaded to a remote server controlled by the attackers.

“The interesting thing is that although most of these malicious apps had a described functionality, a few of them were slightly different—they also used malicious JS code from the OnPageFinished method, but not only for extracting credentials but for uploading them too,” Kaspersky said.
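A static triage check for the pattern described above, added here as an example (it is not Kaspersky's detection logic and not code from the apps). It assumes decompiled Java source is available as text; the two sample classes are constructed, the finding labels are hypothetical, and treating addJavascriptInterface as the channel that passes values back to the app is an assumption.

```python
import re

# Constructed samples of decompiled Java (not taken from the apps in the report).
SUSPICIOUS = '''
class LoginClient extends WebViewClient {
    void setup(WebView w) { w.addJavascriptInterface(new Bridge(), "bridge"); }
    @Override public void onPageFinished(WebView view, String url) {
        view.loadUrl("javascript:/* payload elided */");
    }
}
'''
BENIGN = '''
class PlainClient extends WebViewClient {
    @Override public void onPageFinished(WebView view, String url) {
        progressBar.setVisibility(View.GONE);
    }
    void open(WebView w) { w.loadUrl("https://example.org/help"); }
}
'''

# Script pushed into the page: javascript: URL or evaluateJavascript().
INJECT = re.compile(r'loadUrl\s*\(\s*"javascript:|evaluateJavascript\s*\(')
# Page-to-app channel (assumed to be how values are handed back).
BRIDGE = re.compile(r'addJavascriptInterface\s*\(')
# Definition of the hook, not a call such as super.onPageFinished(view, url);
HOOK = re.compile(r'\bonPageFinished\s*\([^)]*\)\s*\{')

def method_body(src, open_brace):
    """Text between the brace at open_brace and its match.
    Braces inside string literals are not handled (triage only)."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[open_brace + 1:i]
    return src[open_brace + 1:]  # unbalanced input: take the rest

def review_webview_client(src):
    """Return finding labels for one decompiled class source."""
    findings = []
    for m in HOOK.finditer(src):
        if INJECT.search(method_body(src, m.end() - 1)):
            findings.append("js-injected-on-page-load")
    if findings and BRIDGE.search(src):
        findings.append("js-to-app-bridge")
    return findings
```

A hit is a reason to read the class by hand, not a verdict: legitimate apps also run script from onPageFinished, so the login-page context matters.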

Researchers believe that the cybercriminals use stolen credentials mostly for promoting groups in VK.com, by silently adding users to promote various groups and increase their popularity by doing so, since they received complaints from some infected users that their accounts had been silently added to unknown groups.

The cybercriminals behind these apps had been publishing their malicious apps on the Play Store for more than two years, so all they had to do was modify their apps to evade detection.

Since VK.com is popular mostly among users in CIS countries, the malicious apps were targeting Russian, Ukrainian, Kazakh, Armenian, Azerbaijani, Romanian, Belarusian, Kyrgyz, Tajik, and Uzbek users.

The apps did so by first checking the device language and asking for login credentials from users with one of the above-mentioned languages.

In addition, researchers also noted that they found several other apps on the Google Play Store that were submitted by the same cyber criminals and published as unofficial clients for the popular messaging app Telegram.

“These apps were not only masquerading as Telegram apps, they were actually built using an open source Telegram SDK and work almost like every other such app,” the researchers said, adding that these apps also add infected users to promoted groups/chats based on a list received from their server.

How to Protect Your Device from Such Malicious Apps

All the apps, including the credential-stealing apps (detected as Trojan-PSW.AndroidOS.MyVk.o) and malicious Telegram clients (detected as not-a-virus:HEUR:RiskTool.AndroidOS.Hcatam.a), have since been removed by Google from the Play Store.

However, those who have already installed one of the above apps on their mobile devices should make sure their devices have Google Play Protect enabled.

Play Protect is Google’s newly launched security feature that uses machine learning and app usage analysis to remove (uninstall) malicious apps from users’ Android smartphones to prevent further harm.

Although it is a never-ending concern, the best way to protect yourself is always to be vigilant when downloading apps from Google’s official Play Store, and always verify app permissions and reviews before you download one.

Moreover, you are strongly advised to always keep a good antivirus app on your mobile device that can detect and block such malicious apps before they can infect your device, and always keep your device and apps up-to-date.
