

Surveillance Malware Apps Found in Google Play

Security specialists have discovered two separate occasions of hackers using Android apps to conduct highly targeted surveillance in the Middle East. Hackers pushing nation-state-style surveillance malware recently scored a major coup by getting three advanced malicious applications hosted in Google's official Play marketplace, researchers said.

The apps are built from two separate families of surveillance-focused malware, both targeting around a thousand unsuspecting users. The so-called ViperRAT malware was incorporated into two apps, and it has previously targeted members of the Israeli Defense Force. Another app takes two malware types, called Desert Scorpion and FrozenCell, to spy on targets in Palestine.

In the case of the ViperRAT apps, built with a focus on social networking and chat, the apps, once installed, would profile the device and try to download a second-stage surveillance component. That downloaded component gave an attacker "a considerable amount of control over a compromised device." The threat actor's motivations remain unclear.

The Desert Scorpion app also uses a second-stage payload that downloads malicious components when a user interacts with the app. That component gains almost unfettered access to the device, including the ability to collect device metadata, track the user's location, send messages, and record surrounding audio, calls, and video, all while running silently in the background.

An analysis of the Desert Scorpion app showed that its malicious functionality was not included in the app when it was submitted to Google Play; it was downloaded later, while the user was interacting with the app.

In both cases, the actors behind the malicious apps used phishing schemes to trick targets into downloading the apps. But what makes the apps so effective is that they were downloadable from Android's official app store, Google Play, lending the apps a level of credibility.

With ViperRAT, one of the apps looks almost indistinguishable from other social networking apps, and its malicious functionality was obfuscated from view during the app store approval process.

After Lookout reached out, Google removed the apps from the app store.

The existence of ViperRAT and Desert Scorpion on Google Play shows that actors are continuing to 'tune' their malware to get past early-stage detections and make it into first-party app stores. These techniques include not shipping the malicious functionality of an app until a second stage that is triggered by some behavior. Surveillanceware is able to hide its malicious functionality in the noise of social networking and chat apps because they request many of the same permissions.
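The last point, that surveillanceware hides in the noise because chat apps legitimately ask for the camera, microphone and contacts, is what makes a plain "dangerous permission" scan weak. A more useful check compares an app's declared permissions against a baseline for its category and reports only what it asks for beyond that. The script below is an added example, not code from the article or from Lookout; the chat-app baseline, the permission-to-capability map and the two sample manifests are all constructed for illustration. It parses a decoded AndroidManifest.xml with the standard library only. Because Android grants only permissions the manifest declares, even a payload fetched in a later stage is limited to that declared set, so the manifest remains a coarse but stable signal when the malicious code itself is not present at submission time.

```python
"""Audit an Android app's declared permissions against a category baseline.

Added example (not from the original article). The baseline, the capability
map and both manifests are constructed assumptions for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline: permissions a chat / social-networking app plausibly needs.
CHAT_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}

# Surveillance capability each declared permission would enable (assumed map).
CAPABILITIES = {
    "android.permission.RECORD_AUDIO": "record surrounding audio",
    "android.permission.CAMERA": "capture photos/video",
    "android.permission.ACCESS_FINE_LOCATION": "track location",
    "android.permission.ACCESS_COARSE_LOCATION": "track location",
    "android.permission.SEND_SMS": "send messages",
    "android.permission.READ_SMS": "read messages",
    "android.permission.READ_CALL_LOG": "read call history",
    "android.permission.READ_PHONE_STATE": "collect device metadata",
    "android.permission.READ_CONTACTS": "harvest contacts",
    "android.permission.RECEIVE_BOOT_COMPLETED": "run silently after reboot",
}


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name=...> values in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit(manifest_xml: str, baseline: set = CHAT_BASELINE) -> dict:
    """Split declared permissions into 'expected for the category' and 'beyond it',
    and translate the excess into the capabilities it would grant."""
    declared = declared_permissions(manifest_xml)
    beyond = declared - baseline
    return {
        "declared": sorted(declared),
        "beyond_baseline": sorted(beyond),
        # Everything the app could do, including what the baseline already covers.
        "capabilities": sorted({CAPABILITIES[p] for p in declared if p in CAPABILITIES}),
        # Only the capabilities that exceed what a chat app normally needs.
        "flagged_capabilities": sorted({CAPABILITIES[p] for p in beyond if p in CAPABILITIES}),
    }


def _manifest(permissions) -> str:
    """Build a minimal decoded manifest (constructed sample input)."""
    lines = [
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android"',
        '          package="com.example.chat">',
    ]
    lines += [f'  <uses-permission android:name="{p}"/>' for p in permissions]
    lines.append("  <application android:label=\"Chat\"/>")
    lines.append("</manifest>")
    return "\n".join(lines)


# Constructed: an ordinary chat app. Camera and microphone are normal here.
BENIGN_CHAT_MANIFEST = _manifest([
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
])

# Constructed: the same chat permissions plus the extras a surveillance
# payload would need. The camera/microphone "noise" is identical to the benign app.
SUSPECT_MANIFEST = _manifest([
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
])

if __name__ == "__main__":
    for label, xml in (("benign", BENIGN_CHAT_MANIFEST), ("suspect", SUSPECT_MANIFEST)):
        report = audit(xml)
        print(f"{label}: beyond baseline = {report['beyond_baseline']}")
        print(f"{label}: flagged = {report['flagged_capabilities']}")
```

Both sample apps can record audio and video, so a scanner that flags those permissions alone would score them the same; only the difference from the baseline separates them. In practice the baseline should come from the app's own store category and, where available, from previous versions of the same package, so that a permission newly added in an update stands out.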


Dr Jay
Most newer Android OSes make permissions on demand. Usually, app makers will only request the permission on demand when that functionality is necessary to help the app maintain its goal. However, it is shown the likelihood increases of a person saying yes to certain permissions if the permission is requested immediately when opening the app, which tricks the user into thinking that permission is required for the app to operate properly.
I used to have an Android; those apps, when installing, ask for your permission for many things. One needs to be careful when giving permissions to an app.
Dr Jay
Yes, I only enable a permission if I absolutely need to do so! I even have data restrictions turned on for most of my apps to prevent them sending and receiving my personal data.
I have installed a Speech to Text app; it was asking to access my phone camera, so one needs to be very careful when giving permissions to the apps they install.