Official forum for Utopia Community
Versioning is a tactic used by threat actors to target Android users and avoid being detected as malware by the Google Play Store.
The Google Cybersecurity Action Team (GCAT) stated in its August 2023 Threat Horizons Report, which was shared with The Hacker News, that "campaigns using versioning commonly target users' credentials, data, and finances."
Although versioning is not a recent occurrence, it can be subtle and challenging to identify. By using this technique, an app developer publishes an initial version of the app on the Play Store, which later gets updated with malware and passes Google's pre-publication checks.
This is done by using a technique known as dynamic code loading (DCL) to push an update from an attacker-controlled server that serves malicious code on the end user device, essentially converting the app into a backdoor.
An application called "iRecorder - Screen Recorder" was found by ESET earlier this May. It was safe to use for almost a year after it was first added to the Play Store before malicious modifications were surreptitiously added to spy on its users.
SharkBot, which has shown up on the Play Store several times under the guise of security and utility apps, is another instance of malware that uses the DCL technique.
Utilizing the Automated Transfer Service (ATS) protocol, SharkBot is a financial trojan that starts unapproved money transfers from infected devices.
In an attempt to draw less attention, dropper applications that show up on the storefront have limited functionality and, once installed by the victims, download the full version of the malware.
"Defense-in-depth principles, such as restricting application installation sources to reliable sources like Google Play or using a mobile device management (MDM) platform to manage corporate devices, are necessary in an enterprise setting, as versioning demonstrates," the enterprise said.
The findings coincide with ThreatFabric's disclosure, as KrebsOnSecurity reports, that malware distributors have been using an Android bug to disguise malicious apps as benign by "corrupting components of an app," leaving the app intact.
"Perpetrators may simultaneously have multiple apps published in the store under distinct developer accounts; only one of these apps is malicious; the other serves as a backup to be utilized following removal," the June report from the Dutch cybersecurity firm stated.
"This strategy reduces the amount of time required for actors to launch another dropper and carry on the distribution campaign, enabling them to sustain extremely lengthy campaigns."
It is advised that Android users download apps only from reliable sources and turn on Google Play Protect to get alerts whenever a potentially harmful app (PHA) is discovered on the device in order to reduce any potential risks.
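As an added illustration of the "scrutinize updates" side of this (my own sketch, not code from the thread, Google, ESET or ThreatFabric), the script below diffs successive releases of one app and flags an update that newly references a runtime code loader, gains a permission a dropper needs, or starts talking to a host the previous release never contacted. The class names, permissions and release history are constructed sample data, not extracted from any real APK.

```python
# Added illustration, not code from the thread: diff successive releases of one app
# and flag an update that introduces dynamic-code-loading (DCL) capability. Each
# release is summarised by declared permissions, referenced class names and
# contacted hosts; the sample history at the bottom is constructed, not a real APK.
from dataclasses import dataclass

# Runtime code loaders whose first appearance in an update is the core DCL signal.
DCL_CLASSES = {"dalvik.system.DexClassLoader", "dalvik.system.InMemoryDexClassLoader"}
# Permissions a dropper typically needs to fetch and install a second stage.
DROPPER_PERMISSIONS = {"android.permission.REQUEST_INSTALL_PACKAGES",
                       "android.permission.BIND_ACCESSIBILITY_SERVICE"}

@dataclass(frozen=True)
class Release:
    version_code: int
    permissions: frozenset
    classes: frozenset
    hosts: frozenset

def diff_release(prev, cur):
    """Return (kind, items) findings for risky capabilities cur adds over prev."""
    findings = []
    new_dcl = (cur.classes - prev.classes) & DCL_CLASSES
    if new_dcl:
        findings.append(("dcl_added", sorted(new_dcl)))
    new_perms = (cur.permissions - prev.permissions) & DROPPER_PERMISSIONS
    if new_perms:
        findings.append(("dropper_permission_added", sorted(new_perms)))
    new_hosts = cur.hosts - prev.hosts
    if new_hosts:
        findings.append(("new_host", sorted(new_hosts)))
    return findings

def scan_history(releases):
    """Walk releases in versionCode order; map each flagged versionCode to its findings."""
    ordered = sorted(releases, key=lambda r: r.version_code)
    return {cur.version_code: f for prev, cur in zip(ordered, ordered[1:])
            if (f := diff_release(prev, cur))}

# Constructed history: benign v1, harmless v2 bugfix, v3 that turns the app into a loader.
SAMPLE_HISTORY = [
    Release(1, frozenset({"android.permission.RECORD_AUDIO"}),
            frozenset({"com.example.rec.Main"}), frozenset({"api.example.test"})),
    Release(2, frozenset({"android.permission.RECORD_AUDIO"}),
            frozenset({"com.example.rec.Main"}), frozenset({"api.example.test"})),
    Release(3, frozenset({"android.permission.RECORD_AUDIO",
                          "android.permission.REQUEST_INSTALL_PACKAGES"}),
            frozenset({"com.example.rec.Main", "dalvik.system.DexClassLoader"}),
            frozenset({"api.example.test", "update.example-c2.test"})),
]
```

Running `scan_history(SAMPLE_HISTORY)` leaves v2 unflagged and reports v3 for all three signals; in practice the per-release sets would be filled from the manifest and dex class list of each APK you archive.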
Versioning is indeed a cunning tactic employed by threat actors to infiltrate the Google Play Store undetected. This method allows them to initially present harmless apps, passing through Google's security checks, only to later update them with malicious code
The use of dynamic code loading further complicates detection, making it a potent weapon for cybercriminals. As such, it's imperative for both users and app stores to remain vigilant and implement stringent security measures to thwart these threats.
crpuusd;38225 wrote:
Versioning is indeed a cunning tactic employed by threat actors to infiltrate the Google Play Store undetected. This method allows them to initially present harmless apps, passing through Google's security checks, only to later update them with malicious code
The use of dynamic code loading further complicates detection, making it a potent weapon for cybercriminals. As such, it's imperative for both users and app stores to remain vigilant and implement stringent security measures to thwart these threats.
While versioning poses a significant threat to Android users, it's not an insurmountable challenge for cybersecurity efforts. The key lies in proactive detection and prevention strategies. By continuously monitoring app behavior and scrutinizing updates, security teams can identify suspicious activities and take appropriate action.
gap;38226 wrote:
crpuusd;38225 wrote:
Versioning is indeed a cunning tactic employed by threat actors to infiltrate the Google Play Store undetected. This method allows them to initially present harmless apps, passing through Google's security checks, only to later update them with malicious code
The use of dynamic code loading further complicates detection, making it a potent weapon for cybercriminals. As such, it's imperative for both users and app stores to remain vigilant and implement stringent security measures to thwart these threats.
While versioning poses a significant threat to Android users, it's not an insurmountable challenge for cybersecurity efforts. The key lies in proactive detection and prevention strategies. By continuously monitoring app behavior and scrutinizing updates, security teams can identify suspicious activities and take appropriate action.
To my understanding, enhancing pre-publication checks on the Play Store can help mitigate the risk of malicious apps slipping through the cracks. Collaboration between security researchers, app developers, and platform providers is essential to stay one step ahead of evolving threats like versioning.