Google Play Malware Infects 600,000 Devices
Posted by: Timothy Weaver on 04/27/2017 12:32 PM
Check Point is warning gamers that 40 guide apps for games on Google Play were infected with malware.
Check Point's report revealed that gamers have downloaded the apps more than 50,000 times and that the malware has infected an estimated 600,000 devices.
Check Point informed Google and the offending apps were removed; however, as of the beginning of April, two more apps were discovered.
If downloaded, the malware links the machine into a botnet that is used to distribute adware.
"The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app."
If the link is established, the malware can "receive messages containing links to additional modules and download them to the infected device."
According to the researchers, the modules delivered "highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks."
"This malware follows in the footsteps of DressCode and other mobile botnets spreading through Google Play. This time, the malware hides its malicious intention by leaving minimal functionality on the app itself and relying on communication with its command and control server for the rest."
Mobile botnets are becoming very popular with criminals. "They yield great profits to the attackers, and can be used for various purposes, which don't have to be predefined. In addition, the malicious intents stay hidden until a late stage of the attack, allowing the malware to slip into Google Play."
The Check Point team concluded: "The fact that yet another malware spread via Google Play proves once again that users need mobile security solutions to stay protected."
Source: SCMagazine
