Hackers have come up with yet another way to get around Google’s defenses in order to get their malware-filled apps on the Google Play Store.
According to a new report (opens in new tab) from the cybersecurity firm Kaspersky, malicious loader programs are being sold on dark web marketplaces, priced from $2,000 all the way up to $20,000. These programs enable hackers to hide malware in legitimate apps in such a way that prevents Google from detecting it.
Also known as dropper apps, these programs often present themselves as legitimate software. Then, after clearing the Play Store’s review process, they then gain malicious updates from a server controlled by hackers. Their creators often wait until the apps have a large user base before adding malware to them, to infect the maximum amount of users.
In its report, Kaspersky notes that “the most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners and even dating apps.”
While loader programs are used to inject malware into clean apps according to The Hacker News (opens in new tab), the users who download them are prompted to grant these apps extra permissions that are used to facilitate malicious activities. Likewise, some of these apps utilize can detect if they are being debugged, analyzed or installed in a sandboxed environment. If this is the case, they halt their malicious activities to prevent being analyzed by security researchers.
Fake developer accounts and APK binding services
Loader programs aren’t the only way hackers are sneaking malware onto the Google Play Store.
Kaspersky also highlights the fact that hackers are buying hacked or newly created Google Play developer accounts for $60-$200 on dark web marketplaces as well. At the same time, developer accounts that don’t have a strong password or two-factor authentication (2FA) enabled can be easily cracked and put up for sale. This is actually worse as hackers can then upload malware to existing apps, many of which already have a large user base.
APK binding services are yet another way hackers can get their malware into legitimate apps. They are used to hide malicious APK files (or Android installation files) inside another app to distribute malware through fake sites or phishing text messages.
One reason APK binding services are more popular is that they cost significantly less than loader programs due to the fact that the malicious apps they contain are not available through the Play Store.
How to stay safe from malicious apps
To avoid having your Android smartphone infected with malware, the first thing you need to do is limit the number of apps on your device. Sure, an app may be free but that doesn’t mean it’s worth downloading. Instead, you need to carefully pick and choose which apps you have installed on your smartphone.
When installing new apps, you want to first check their rating and read reviews on the Play Store. However, as these can be faked, you also want to look for external reviews on other sites while video reviews are ideal since you can see the app in question in action.
Security is like a game of cat and mouse and even as Google bolsters the Play Store’s defenses against malware and malicious apps, hackers will find a new way to bypass these restrictions.
For additional protection though, you also want to install one of the best Android antivirus apps on your phone and make sure that Google Play Protect is enabled as it continually scans your existing apps as well as any new ones you download for malware.
Security is like a game of cat and mouse and even as Google bolsters the Play Store’s defenses against malware and malicious apps, hackers will find a new way to bypass these restrictions. This is why you need to be careful when installing new apps, even on one of the best Android phones.
More from Tom’s Guide
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
