Date: 2023-07-07



Two separate malicious apps were found lurking in the Google Play store, loaded with zero-click spyware that directed them to China.

According to Pradeo’s new security alert, the two applications, traced to the same developer, together affected an estimated 1.5 million users. Google removed the apps within hours of receiving the notification, the researchers added.

Spyware apps relied on elevated permissions

According to Pradeo, most malicious apps rely on the victim actually using the app to deliver malware, but these relied instead on permissions.

“Users often end up installing applications they don’t even use,” says the security alert. “For most malware, this means the attack has failed. To overcome that obstacle, file managers, file recovery and data recovery can induce a device reboot through the advanced privileges they use. This will allow the app to start and run automatically on reboot.”

Pradeo researcher Roxane Suau told Dark Reading that, in addition to file manager applications, junk cleaner apps also require elevated privileges to perform their tasks and are often spoofed for malicious purposes.
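For teams inspecting managed devices for apps of this kind, the following triage sketch is an added example (not from Pradeo or the original article): it parses `aapt dump permissions`-style text and flags apps that can start at boot and hold broad data access while never having been opened. The permission list, the `ever_opened` flag and the sample packages are assumptions.

```python
import re

# Assumed triage heuristic (not a list from the Pradeo alert): autostart at boot
# combined with broad data access, on an app the user has never opened.
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"
BROAD_ACCESS = {
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.QUERY_ALL_PACKAGES",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}
# Accepts both `name='...'` and bare-name forms of `aapt dump permissions` lines.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return (package, set of requested permissions) from aapt-style text."""
    package, perms = None, set()
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("package:"):
            package = line.split(":", 1)[1].strip()
        elif (m := PERM_RE.match(line)):
            perms.add(m.group(1))
    return package, perms

def triage(dump, ever_opened):
    """Classify one app; ever_opened is assumed to come from MDM usage data."""
    package, perms = parse_permissions(dump)
    broad = sorted(p.rsplit(".", 1)[1] for p in perms & BROAD_ACCESS)
    if BOOT in perms and broad:
        severity = "review" if ever_opened else "high"
    else:
        severity = "ok"
    return {"package": package, "severity": severity, "broad_access": broad}

# Constructed sample input, not taken from any real app.
SAMPLE_FILE_MANAGER = """\
package: com.example.filemanager
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.MANAGE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_CONTACTS'
"""
SAMPLE_NOTES = """\
package: com.example.notes
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    print(triage(SAMPLE_FILE_MANAGER, ever_opened=False))
    print(triage(SAMPLE_NOTES, ever_opened=True))
```

A "high" result is a prompt for manual review of the app, not proof that it is spyware.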

According to Melissa Bischoping, director of endpoint security research at Tanium, the spyware apps not only gained sneaky permissions but also misrepresented the amount of data they collected, which raises a warning about the reliability of the application security controls on the Google Play store, she said.

BYOD policies increase risk

“Users are often encouraged to trust the data privacy and safety reports on the apps’ pages within the store, but this type of deception undermines trust not only in the apps analyzed in Pradeo’s report but in all apps,” Bischoping said. “With over 3.5 million apps in the store, a detailed analysis of how each app complies with prescribed privacy and security practices would be a daunting task. The apparent inaccuracies of the publication indicate a need for greater security scrutiny and control over what is published.”

Bischoping points out that the damage these malicious applications can do to businesses increases dramatically with the addition of BYOD (Bring Your Own Device) policies.

“‘Bring your own device’ policies often make mobile devices unmanageable in large organizations,” she explains. “For this reason, we have no control over what apps employees can install and how much access those apps are granted. It is important to weigh the benefits against

Corporate-owned devices need controls to limit the download of these applications, Mike Parkin, senior technical engineer at Vulcan Cyber, tells Dark Reading.

“Corporate-owned devices should already be doing this,” Parkin says. “If they own the device, they have the right to restrict what goes on it.”

For organizations with BYOD policies, it’s even more difficult to impose limits on app downloads because users own the devices and may be hesitant to do so, Parkin added. “However, it would be appropriate for them to publish their expectations and block infected devices from accessing corporate assets if necessary.”

Malicious applications are nothing new, but John Gallagher, vice president of Viakoo Labs, said he hopes incidents like these two spyware apps found in the Google Play store will give corporate security teams an opportunity to reconsider their own policies.

“The ability for an application to inflate downloads, grant more privileges than it should, or violate privacy policies and laws are all existing attack vectors,” Gallagher said. “These newly discovered threats may encourage more organizations to inspect company-provided devices for such apps and monitor network traffic to detect problems.”

