Even after so many efforts by Google, such as launching a bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into the Play Store and infect people with malicious software.
The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from users of the Russian-based social network VK.com and were successfully downloaded millions of times.
The most popular of all masqueraded as a gaming app with more than a million downloads. When this app was initially submitted in March 2017, it was just a gaming app without any malicious code, according to a blog post published Tuesday by Kaspersky Lab.
However, after waiting for more than seven months, the malicious actors behind the app updated it with information-stealing capabilities in October 2017.
Besides this gaming app, the Kaspersky researchers found 84 such apps on Google Play Store; most of them were uploaded to the Play Store in October 2017 and steal credentials of VK.com users.
Other apps that were highly popular among users include seven apps with between 10,000 and 100,000 installations and nine with between 1,000 and 10,000 installations; the rest had fewer than 1,000 installations.
Here's How Cyber Criminals Steal Your Account Credentials:
The apps used an official SDK for VK.com but slightly modified it with malicious JavaScript code in an effort to steal users' credentials from the standard login page of VK and pass them back to the apps.
Since these apps looked like they came from VK.com – for listening to music or for monitoring user page visits, requiring a user to log in to his/her account through a standard login page did not look suspicious at all.
The stolen credentials were then encrypted and uploaded to a remote server controlled by the attackers.
"The interesting thing is that although most of these malicious apps had a described functionality, a few of them were slightly different—they also used malicious JS code from the OnPageFinished method, but not only for extracting credentials but for uploading them too," Kaspersky said.
Researchers believe that the cybercriminals use stolen credentials mostly for promoting groups in VK.com, by silently adding users to various groups to increase their popularity, since they received complaints from some infected users that their accounts had been silently added to unknown groups.
The cybercriminals behind these apps had been publishing their malicious apps on the Play Store for more than two years, so all they had to do is modify their apps to evade detection.
Since VK.com is popular mostly among users in CIS countries, the malicious apps were targeting Russian, Ukrainian, Kazakh, Armenian, Azerbaijani, Romanian, Belarusian, Kyrgyz, Tajik, and Uzbek users.
The apps did so by first checking the device language and asking for login credentials from users with one of the above-mentioned languages.
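For app reviewers, the two behaviours described above (JavaScript injected from `onPageFinished` that reads the login form, and the device-language check) can be triaged statically in decompiled Java source. The sketch below is an added example, not code from Kaspersky's report or from the apps; the regex heuristics, finding names and both sample classes are assumptions constructed for illustration.

```python
import re

# Heuristics are assumptions of this example, not signatures from the report.
JS_INJECT = re.compile(r'\b(?:loadUrl\s*\(\s*"javascript:|evaluateJavascript\s*\()')
CRED_HINT = re.compile(r"""type\s*=\s*['"]?password""", re.I)
LOCALE_GATE = re.compile(r'Locale\.getDefault\(\)\s*\.\s*getLanguage\(\)')
STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"')

def method_body(src, name):
    """Return the brace-matched body of the first declaration of `name`."""
    m = re.search(r'\b' + re.escape(name) + r'\s*\([^)]*\)\s*\{', src)
    if not m:
        return ''
    # Blank out string literals (same length) so braces inside injected JS
    # do not upset the depth count; the slice is taken from the original.
    masked = STRING_LIT.sub(lambda s: ' ' * len(s.group()), src)
    depth, i = 1, m.end()
    while i < len(masked) and depth:
        depth += (masked[i] == '{') - (masked[i] == '}')
        i += 1
    return src[m.end():i - 1]

def triage(src):
    """List the findings for one decompiled WebViewClient source file."""
    body = method_body(src, 'onPageFinished')
    findings = []
    if JS_INJECT.search(body):
        findings.append('js-injected-on-page-load')
        if CRED_HINT.search(body):
            findings.append('reads-password-field')
    # A language check is common in benign apps, so it only corroborates.
    if findings and LOCALE_GATE.search(src):
        findings.append('locale-gated')
    return findings

# Constructed samples for illustration; not code from any real app.
SUSPICIOUS = r"""
class LoginClient extends WebViewClient {
    public void onPageFinished(WebView view, String url) {
        if (Locale.getDefault().getLanguage().equals("ru")) {
            view.loadUrl("javascript:var p=document.querySelector('input[type=password]').value;");
        }
    }
}
"""
BENIGN = 'class C extends WebViewClient { public void onPageFinished(WebView v, String u) { bar.hide(); } }'

if __name__ == '__main__':
    print(triage(SUSPICIOUS), triage(BENIGN))
```

A hit is a reason to review the class by hand, not a verdict: JavaScript assembled from variables or obfuscated strings will not match these patterns.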
In addition, researchers also noted that they found several other apps on Google Play Store that were submitted by the same cyber criminals and published as unofficial clients for the popular messaging app Telegram.
"These apps were not only masquerading as Telegram apps, they were actually built using an open source Telegram SDK and work almost like every other such app," the researchers said, adding that these apps also add infected users to promoted groups/chats based on a list received from their server.
How to Protect Your Device From Such Malicious Apps
All the apps, including the credential-stealing apps (detected as Trojan-PSW.AndroidOS.MyVk.o) and malicious Telegram clients (detected as not-a-virus:HEUR:RiskTool.AndroidOS.Hcatam.a), have since been removed by Google from the Play Store.
However, those who have already installed one of the above apps on their mobile devices should make sure their devices have Google Play Protect enabled.
Play Protect is Google's newly launched security feature that uses machine learning and app usage analysis to remove (uninstall) malicious apps from users' Android smartphones to prevent further harm.
Although it is a never-ending concern, the best way to protect yourself is always to be vigilant when downloading apps from Google's official Play Store, and always verify app permissions and reviews before you download one.
Moreover, you are strongly advised to always keep a good antivirus app on your mobile device that can detect and block such malicious apps before they can infect your device, and always keep your device and apps up-to-date.