Friday, April 19, 2024

New Malware Family “Venus” In Google Play Store Infects 285,000 Android Users to Subscribe Premium Ads

By Balaji

venus

Researchers discovered a new Trojan family called “Venus” resides in the Google play store infected at least 285,000 Android users around the world.

There are 8 apps involved with the malicious activities in Android user’s device and it is mainly targeting the carrier billing and advertising area.

Venus
8 Malicious apps list

Threat actors developed these apps to interact with Ads and subscribe the user to premium services without any sort of notification, and it also bypasses the Google Play protect and malware detection system.

There are several countries were targeted by this malware campaign including Belgium, France, Germany, Guinea, Morocco, Netherlands, Poland, Portugal, Senegal, Spain, and Tunisia.

Malware Infection Process via Malicious App

Researchers observed that most of the data consumed by an application called “Quick scanner” which is protected by a library that encrypts and hides files. 

Venus

According to Evina research, “The application uses the libjiagu library created by the Chinese company Qihoo. The library protects the application’s content and runs protections against reverse engineering. Unfortunately, fraudsters take advantage of the library to use it dishonestly.”

Further deep analysis revealed that the apps have fraudulent code in compiled Android file and it processes the anti-reverse check after the file was imported and decrypted in memory in order to bypass Google’s detection.

“Venus is waiting for the right time to attack. The malware is able to register time after the application has been downloaded instead of being launched on the very first day.” Evina said.

Once it performed the successful attack, Venus malware communicates with the C2 server domain(glarecube[.]com) which is controlled by an attacker to send the encrypted request.

After decrypted, Server response with two following things.

  1) All the instructions containing URLs that redirect to premium services or websites containing ads, all created by the fraudster
     2) The javascript commands making the fraudulent process

With running an application, the URL simply loaded into the browser without letting users know whats going on and it subscribes to the premium ads, at the end attackers can make its profit from advertisements clicks and premium services subscriptions.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]