
Password Stealing Apps With Over A Million Downloads Found On Google Play Store

Even after so many efforts by Google, like launching a bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into the Play Store and infect people with malicious software.

The same happened once again when security researchers discovered at least 85 applications in the Google Play Store that were designed to steal credentials from users of the Russian-based social network VK.com and were successfully downloaded millions of times.

The most popular of all masqueraded as a gaming app with more than a million downloads. When this app was initially submitted in March 2017, it was just a gaming app without any malicious code, according to a blog post published Tuesday by Kaspersky Lab.

However, after waiting for more than seven months, the malicious actors behind the app updated it with information-stealing capabilities in October 2017.

Besides this gaming app, the Kaspersky researchers found 84 such apps on the Google Play Store; most of them were uploaded to the Play Store in October 2017 and were stealing credentials of VK.com users.

Other apps that were popular among users include seven apps with between 10,000 and 100,000 installations and nine with between 1,000 and 10,000 installations; the rest had fewer than 1,000 installations.

Here's How Cyber Criminals Steal Your Account Credentials:


The apps used an official SDK for VK.com but slightly modified it with malicious JavaScript code in an effort to steal users' credentials from the standard login page of VK and pass them back to the apps.

Since these apps looked like they came from VK.com (for listening to music or for monitoring user page visits), requiring a user to log in to his/her account through a standard login page did not look suspicious at all.

The stolen credentials were then encrypted and uploaded to a remote server controlled by the attackers.

"The interesting thing is that although most of these malicious apps had a described functionality, a few of them were slightly different—they also used malicious JS code from the OnPageFinished method, but not only for extracting credentials but for uploading them too," Kaspersky said.
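
A static triage heuristic for the pattern described above (script injected into a WebView from onPageFinished that reads the login form), meant to be run over decompiled app sources. This is an added example, not code from Kaspersky or the original article; the indicator regexes, the verdict levels and both Java samples are constructed assumptions.

```python
import re
from pathlib import Path

# Heuristic indicators (this example's own choice) for the behaviour described
# above: script pushed into a WebView once the login page has finished loading.
INDICATORS = {
    "page_load_hook": re.compile(r"\bonPageFinished\s*\("),
    "js_injection": re.compile(r"loadUrl\s*\(\s*\"javascript:|\bevaluateJavascript\s*\("),
    "js_bridge": re.compile(r"\baddJavascriptInterface\s*\("),
    "credential_field": re.compile(r"type\s*=\s*\W{0,2}password", re.I),
}

def triage(source: str) -> dict:
    """Return the indicators present in one decompiled source file and a verdict."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(source))
    injects_on_load = {"page_load_hook", "js_injection"} <= set(hits)
    if injects_on_load and "credential_field" in hits:
        verdict = "high"      # injected script touches a password field
    elif injects_on_load:
        verdict = "review"    # injection on load; script may be obfuscated or remote
    else:
        verdict = "none"      # onPageFinished alone is ordinary WebView code
    return {"hits": hits, "verdict": verdict}

def scan_tree(root: str) -> dict:
    """Triage every .java file under a decompiler output directory."""
    results = {}
    for path in Path(root).rglob("*.java"):
        result = triage(path.read_text(errors="replace"))
        if result["verdict"] != "none":
            results[str(path)] = result
    return results

# Constructed samples (not taken from the apps in the report); script body elided.
SUSPICIOUS = '''
webView.addJavascriptInterface(new Bridge(), "bridge");
webView.setWebViewClient(new WebViewClient() {
    public void onPageFinished(WebView view, String url) {
        view.loadUrl("javascript:/* reads input[type=password], calls bridge */");
    }
});
'''
BENIGN = '''
webView.setWebViewClient(new WebViewClient() {
    public void onPageFinished(WebView view, String url) { progressBar.setVisibility(View.GONE); }
});
'''
if __name__ == "__main__":
    print(triage(SUSPICIOUS)["verdict"], triage(BENIGN)["verdict"])
```

A "review" verdict matters because the injected script can be decoded at run time or fetched from a server, in which case no password-field reference appears in the static source.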

Researchers believe that the cybercriminals use stolen credentials mostly for promoting groups in VK.com, silently adding users to various groups to increase the groups' popularity, since they received complaints from some infected users that their accounts had been silently added to unknown groups.

The cybercriminals behind these apps had been publishing their malicious apps on the Play Store for more than two years, so all they had to do is alter their apps to evade detection.

Since VK.com is popular mostly among users in CIS countries, the malicious apps were targeting Russian, Ukrainian, Kazakh, Armenian, Azerbaijani, Romanian, Belarusian, Kyrgyz, Tajik, and Uzbek users.

The apps did so by first checking the device language and asking for login credentials only from users with one of the above-mentioned languages.

In addition, researchers also noted that they found several other apps on the Google Play Store that were submitted by the same cyber criminals and published as unofficial clients for the popular messaging app Telegram.

"These apps were not only masquerading as Telegram apps, they were actually built using an open source Telegram SDK and work almost like every other such app," the researchers said, adding that these apps also add infected users to promoted groups/chats based on a list received from their server.

How to Protect Your Device From Such Malicious Apps


All the apps, including the credential-stealing apps (detected as Trojan-PSW.AndroidOS.MyVk.o) and malicious Telegram clients (detected as not-a-virus:HEUR:RiskTool.AndroidOS.Hcatam.a), have since been removed by Google from the Play Store.

However, those who have already installed one of the above apps on their mobile devices should make sure their devices have Google Play Protect enabled.

Play Protect is Google's newly launched security feature that uses machine learning and app usage analysis to remove (uninstall) malicious apps from users' Android smartphones to prevent further harm.

Although it is a never-ending concern, the best way to protect yourself is always to be vigilant when downloading apps from Google's official Play Store, and always verify app permissions and reviews before you download one.

Moreover, you are strongly advised to always keep a good antivirus app on your mobile device that can detect and block such malicious apps before they can infect your device, and always keep your device and apps up-to-date.