Post by account_disabled on Jan 28, 2024 20:18:03 GMT -8
Google Cloud's security team has recognized a common tactic used by malicious actors to slip malware onto Android devices after bypassing the Google Play Store review process and security controls. The technique works either by introducing malicious payloads through updates to already installed applications or by loading malicious code from servers under the control of threat actors, known as dynamic code loading (DCL). It allows threat actors to deploy their payloads as native, Dalvik, or JavaScript code on Android devices, bypassing the app store's static analysis checks.

"One way malicious actors try to circumvent Google Play's security controls is through versioning," the company said in this year's threat trends report. "Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our tests, but later receives an update from a third-party server that changes the code on the end-user's device to allow malicious activity."

While Google says that all apps and patches submitted for inclusion in the Play Store undergo rigorous PHA (Potentially Harmful Application) screening, "some of these checks" are bypassed through DCL.
Google explained that applications detected engaging in such activity violate the Google Play Deceptive Behavior policy and can be labeled as backdoors. According to Google Play Policy Center guidelines, apps distributed through Google Play are expressly prohibited from modifying, replacing, or updating themselves through any method other than Google Play's official update mechanism. Additionally, apps are strictly prohibited from downloading executable code (such as dex, JAR or .so files) from sources external to the official Android app store.

Google also noted a specific variant of the malware SharkBot, first reported by Cleafy's Threat Intelligence Group in October 2021 and known to use this technique in the wild. SharkBot is banking malware that performs unauthorized money transfers via the Automated Transfer Service (ATS) protocol after an Android device is compromised. To avoid detection by the Play Store systems, the threat actors responsible for SharkBot adopted the common strategy of publishing versions with limited functionality on Google Play, hiding the suspicious nature of their apps. However, when a user downloads a Trojan, it downloads the full version of the malware.

SharkBot has been camouflaged as an Android antivirus program and various system utilities and has successfully infected thousands of users through applications that passed the Google Play Store submission checks for malicious behavior.

Cybersecurity reporter Brian Krebs also used a different malware deception technique for the same purpose, recently discovered by security researchers at ThreatFabric. This method effectively breaks Google's app analysis tools, preventing them from scanning for malicious APKs (Android application packages). As a result, these malicious APKs can be successfully installed on users' devices despite being marked as invalid.
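As an added example (not part of the original post or Google's report), the following triage check parses the string table of each classes*.dex in an APK and reports references to the dalvik.system class loaders that dynamic code loading relies on. The sample APKs are constructed in memory, and `scan_apk`, `dex_strings`, `make_dex` and `make_apk` are names chosen for this example.

```python
import io, re, struct, zipfile

# Class loaders in dalvik.system that can run code fetched after review.
LOADERS = {"Ldalvik/system/DexClassLoader;", "Ldalvik/system/PathClassLoader;",
           "Ldalvik/system/InMemoryDexClassLoader;"}

def dex_strings(dex):
    """Yield entries of the DEX string table (count at 0x38, offset at 0x3C)."""
    if dex[:4] != b"dex\n" or len(dex) < 0x70:
        return
    count, table = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table + 4 * i)
        while dex[pos] & 0x80:  # skip the ULEB128 length prefix
            pos += 1
        end = dex.index(b"\x00", pos + 1)
        yield dex[pos + 1:end].decode("utf-8", "replace")

def scan_apk(apk_bytes):
    """Map each classes*.dex in the APK to the loader classes it references."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                hits[name] = sorted(LOADERS.intersection(dex_strings(apk.read(name))))
    return {name: found for name, found in hits.items() if found}

def make_dex(strings):
    """Constructed sample: DEX header plus string table only, not a loadable file."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    ids, data, base = b"", b"", 0x70 + 4 * len(strings)
    for s in strings:
        ids += struct.pack("<I", base + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"  # short ASCII: 1-byte ULEB128
    return bytes(header) + ids + data

def make_apk(files):
    """Constructed sample APK: an in-memory ZIP of name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in files.items():
            z.writestr(name, content)
    return buf.getvalue()

CLEAN = make_apk({"classes.dex": make_dex(["Landroid/app/Activity;"])})
SUSPECT = make_apk({"classes.dex": make_dex(["Landroid/app/Activity;"]),
                    "classes2.dex": make_dex(["Ldalvik/system/DexClassLoader;", "loadClass"])})
```

A hit is a triage signal for manual review rather than a verdict, since legitimate libraries also reference these classes.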