The malware works by accessing Android’s “MotionEvent” function, mimicking a user’s movement, tricking the ad into thinking it’s been clicked. “The Tekya malware family went undetected by VirusTotal and Google Play Protect,” Check Point says. The malware’s operators decompiled and cloned genuine, popular apps which were then renamed and put back onto the store with the adware mobile included.

“There’s nothing malicious about native code,” Hazum explains, “but in this case the entire malicious code within Tekya is in native code. Most applications implement javascript, accessing multiple instructions and APIs. Native code does not have all that - it’s a lower level language. It’s a lot harder to analyze native code. Because all the malicious code in Tekya is native code.

“This highlights once again that the Google Play Store can still host malicious apps,” Check Point warns. “There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily - making it difficult to check that every single app is safe. Users cannot rely on Google Play’s security measures alone to ensure their devices are protected.”

Adware such as this is often dismissed as more nuisance than threat. But a bad app is a bad app, and once there’s a backdoor open onto your device you are vulnerable. Some weeks ago, Google dumped a mass of apps it claimed to be perpetuating just such fraud, many of which belonged to one listed Chinese developer. This is clearly a serious issue, and threat actors finding security gaps is a concern.

“If they just update the native code they can do whatever they want,” Hazum warns, “from clickers to bankers to MRATs (mobile remote access trojans). If the current state of Google Play remains the same, we will see more malware adapting to those techniques.”
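Because the article describes the ad-clicking logic as living entirely in native code and driving Android's MotionEvent, one defensive triage step is to check whether an APK's bundled `.so` files reference that class by its JNI name. The script below is an added example, not code from Check Point or the article; the marker list, the function names and the two sample APKs are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Strings a native library has to embed to look up and deliver touch events
# through JNI. Heuristic marker set chosen for this example (an assumption).
JNI_MARKERS = (b"android/view/MotionEvent", b"dispatchTouchEvent", b"obtain")
NATIVE_LIB = re.compile(r"^lib/[^/]+/[^/]+\.so$")


def scan_apk(apk_bytes):
    """Return {lib path: sorted markers} for native libs naming MotionEvent."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not NATIVE_LIB.match(name):
                continue  # only bundled shared objects are of interest here
            data = apk.read(name)
            hits = [m.decode() for m in JNI_MARKERS if m in data]
            # Require the class descriptor; "obtain" alone is far too common.
            if "android/view/MotionEvent" in hits:
                findings[name] = sorted(hits)
    return findings


def build_sample_apk(libs):
    """Constructed input: a zip laid out like an APK with placeholder .so data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        for path, payload in libs.items():
            z.writestr(path, payload)
    return buf.getvalue()


# Constructed samples: one library naming MotionEvent via JNI, one that does not.
SUSPECT = build_sample_apk({
    "lib/arm64-v8a/libexample.so":
        b"\x7fELF\x00android/view/MotionEvent\x00obtain\x00dispatchTouchEvent\x00",
    "lib/arm64-v8a/libcodec.so": b"\x7fELF\x00avcodec_open2\x00",
})
CLEAN = build_sample_apk(
    {"lib/armeabi-v7a/libcodec.so": b"\x7fELF\x00avcodec_open2\x00obtain\x00"})

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, scan_apk(apk))
```

A hit is a lead for manual review of the library, not a verdict: legitimate apps can touch MotionEvent from native code, and a library that hides its strings will not match.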