Hundreds of Scam Apps Hit 10 Million Android Devices
Taken by Google more sophisticated measures to continue harmful apps except on Google Play. But a new phase of removal involving about 200 applications and more than 10 million potential victims has shown that this long-standing problem remains far from being solved-and in this case, it is possible which will cost users hundreds of millions of dollars.
Researchers from mobile security firm Zimperium say that widespread campaign of fraud hacked Android from November 2020. As is often the case, attackers have sneaked into nice-looking apps like “Handy Translator Pro,” “Heart Rate and Pulse Tracker,” and “Bus- Metrolis 2021 ”on Google Play as fronts for something even worse. After downloading one of the malicious apps, a victim will receive a flood of notifications, five hours long, prompting them to “confirm” their phone number to win a prize. . The “prize” claim page is loaded via an in-app browser, a common method for maintaining harmless tokens from the code in the app itself. Once a user enters their digits, attackers sign them up for a monthly recurring fee of about $ 42 via the premium SMS service on wireless bills. This is a mechanism that will usually allow you to pay for digital services or, as such, send money to a charity via text message. In this case, it goes straight to the curves.
The methods are common in malicious apps in the Play Store, and premium SMS fraud especially the famous issue. Although researchers say it’s important that attackers are aware of known tactics in a way that’s more effective-and in large numbers-even if Google continues to improve Android security and Play Store protections.
“It’s a strange delivery in terms of scale,” said Richard Melick, Zimperium’s director of product strategy for security at the end point. “They’ve pushed the full step of methods in all categories; these methods are refined and proven. And it’s really a carpet bombing effect when it comes to the number of apps. One can ‘ g succeed, one may not, and that is good. ”
The operation targeted Android users in more than 70 countries and specifically checked their IP addresses to determine their geographical regions. The app will display primary language webpages in that location to make the experience even more compelling. Malware operators are careful not to reuse URLs, which can make it easier for security researchers to track them. And the content created by the attackers is of high quality, without the typos and grammatical errors that can give rise to many obvious scams.
Zimperium is a member of Google’s App Defense Alliance, a coalition of third -party companies that can help keep tabs on Play Store malware, and the company unveiled a so -called GriftHorse campaign as part of the collaboration. Google says all apps identified by Zimperium have been removed from the Play Store and banned by the corresponding app developers.
However, the researchers point out that the apps-most of which have hundreds of thousands of downloads-are still available through third-party app stores. They also note that while premium SMS fraud is an old chestnut, it is still effective because malicious allegations often don’t show up until a victim’s next wireless bill. If attackers get their apps on business devices, they can even trick employees of many corporations into signing up for charges that may go unnoticed for years on the phone number of company.
Even if the acquisition of multiple apps slows down GriftHorse’s campaign today, researchers point out that new variations will always reap.
“These attackers are organized and professional. They built it as a business, and they just won’t keep it going,” said Shridhar Mittal, CEO of Zimperium. “I’m sure it’s not a coincidence.”
More WIRED Stories