Thursday, March 28, 2024

Malicious App in Google Play Store Hijack SMS Message Notifications to Commit Billing Fraud

In a daily routine check-up, cybersecurity researchers have detected a very new wave of malicious apps in Google Play store.

The analysts have found these malicious apps in Google Play Store, the apps are continuously targeting Android users, and hijack SMS message notifications for carrying out billing frauds.

However, these malicious apps are targetting users from Southwest Asia and the Arabian Peninsula. The main motive of the operators of these malicious apps is to target Android users, and they have already targeted more than 700,000 users.

According to the McaFee report, the malicious apps gets removed from the platform before they were discovered by the analysts.

Technical Summary

These malicious apps are quite dangerous for Android users, as it has been loaded with some critical malware, and that malware takes the advantage of dynamic code loading.

Moreover, this malicious app contains the encrypted payload, and as per the experts, these payloads appear in the assets folder that is directly linked with the malicious app.

The encrypted payloads that are present in this malicious app using names like “cache.bin,” “settings.bin,” “data.droid,” or harmless“.png” files.

This malicious app is quite hazardous and it contains spyware capabilities, and the experts have mentioned all the capabilities of the malicious app:-

  • Stealing contact lists
  • All the device information
  • SMS messages

Not only this but the malicious app also employs a method known as versioning that is connected directly to clean a version. The analysts also asserted that the hackers are building trust among the users.

Once the hackers get access and gain trust, they sneakily add the malicious code and at a later stage through an app they update them.

Infected Apps

After tracking all the functions of this malicious app, the experts came to know that Google Play Store has removed nearly 1700 infected apps. That’s why the researchers have suggested a list of nine apps, that are infected:-

  • Keyboard Wallpaper 
  • PIP Photo Maker 
  • 2021 Wallpaper and Keyboard 
  • Barber Prank Hair Dryer, Clipper, and Scissors 
  • Picture Editor 
  • PIP Camera 
  • Keyboard Wallpaper 
  • Pop Ringtones for Android 
  • Cool Girl Wallpaper/SubscribeSDK 

However, the team of cybersecurity analysts at McAfee continues to keep a check on these threats, and they are also continuously analyzing the potential of the malware.

Apart from this, they are working with the app stores so that they can remove it later. Not only this the researchers also recommended the users to must keep a check on such anonymous apps so that they can protect themselves.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles