
Google Play’s malicious app problem infects 1.7 million more devices, Ars Technica


THINK OF THE CHILDREN

Apps went undetected by Google and antivirus scanners.


Tekya is a family of malware that generates fraudulent clicks on ads and banners delivered by agencies including Google’s AdMob, AppLovin, Facebook, and Unity. To give the clicks the air of authenticity, the well-obfuscated code causes infected devices to use Android’s “MotionEvent” mechanism to imitate legitimate user actions. At the time researchers from security firm Check Point discovered them, the apps went undetected by VirusTotal and Google Play Protect. Twenty-four of the apps that contained Tekya were marketed to children. Google removed all 56 of the apps after Check Point reported them.

The discovery “highlights once again that the Google Play Store can still host malicious apps,” Check Point researchers Israel Wernik, Danil Golubenko, and Aviran Hazum wrote in a post published on Tuesday. “There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily – making it difficult to check that every single app is safe. Thus, users cannot rely on Google Play’s security measures alone to ensure their devices are protected.”

Going native

To make the malicious behavior harder to detect, the apps were written in native Android code — typically in the C and C++ programming languages. Android apps usually use Java to implement logic. That language's interface gives developers easy access to multiple layers of abstraction. Native code, by contrast, is implemented at a much lower level. While Java can easily be decompiled — a process that converts binaries back into human-readable source code — it’s much harder to do this with native code.

Once installed, the Tekya apps register a broadcast receiver that carries out multiple actions, including:

BOOT_COMPLETED to allow code running at device startup (“cold” startup)
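
For defenders triaging an app, the boot-time registration described above is visible in the app's manifest. The following is an added example, not code from the article or from Check Point's report: it lists receivers that subscribe to BOOT_COMPLETED in a manifest already decoded to text XML. The package and receiver names in the sample are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed sample manifest (text form; the binary manifest inside an APK
# must be decoded first). All names here are made up for illustration.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.kidsgame">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".StartupReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".LocaleReceiver">
      <intent-filter>
        <action android:name="android.intent.action.LOCALE_CHANGED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def boot_receivers(manifest_xml):
    """Return receivers whose intent filters include BOOT_COMPLETED."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    # The broadcast is only delivered if this permission is also requested.
    has_permission = any(
        p.get(NAME) == BOOT_PERMISSION for p in root.iter("uses-permission")
    )
    findings = []
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        if BOOT_ACTION in actions:
            name = receiver.get(NAME, "")
            if name.startswith("."):  # expand shorthand class names
                name = package + name
            findings.append({"receiver": name,
                             "has_boot_permission": has_permission})
    return findings

if __name__ == "__main__":
    for finding in boot_receivers(SAMPLE_MANIFEST):
        print(finding)
```

Many legitimate apps also register for this broadcast, so a hit is a prompt to inspect what the receiver class does, not a verdict.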
