How Google fights Android malware

Did Google score a complete victory against Android malware last year? No. Did it win? Yes.

If you just read the headlines, it sounds like Android is a security mess. There's a report about one Android malware program after another. What's not said is that often these Android viruses require a user to be a sucker to get them. But since a sucker is born every minute, Google does its best to stop malware in its tracks.

How does Google do this? Google's VP and head of security, Dave Kleidermacher, and Google Play's product manager, Andrew Ahn, explained in a blog post: "While the majority of developers have their audience's best interest at heart, some bad apps and malicious developers do attempt to evade detection and enter the Play Store to put people and their devices in harm's way."

A major reason for this is the "massive scale and the global reach of Google Play make the platform a target for bad actors," according to Google. To combat them, Google said it deploys "teams of engineers, policy experts, product managers, and operations professionals who constantly monitor the store and incorporate feedback from the user community to protect people from misleading, inappropriate, or harmful apps."

So, what does that mean? In 2017, Google reported it "took down more than 700,000 apps that violated the Google Play policies, 70 percent more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99 percent of apps with abusive contents were identified and rejected before anyone could install them."

Google claimed it was able to do this "through significant improvements in our ability to detect abusive app content and behaviors -- such as impersonation, inappropriate content, or malware -- through new machine learning models and techniques." In addition, "We've also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017, and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps."

In other words, Google made it much harder for repeat offenders to push malware into the Play Store. Specifically, Google strengthened Android Play Store in the following areas:

Read also: This crypto-mining Android malware is so demanding it burst a smartphone

COPYCATS

Attempting to deceive users by impersonating famous apps is one of the most common violations. Famous titles get a lot of search traffic for particular keywords, so the bad actors try to amass installs leveraging such traffic. They do this by trying to sneak in impersonating apps to the Play Store through deceptive methods such as using confusable unicode characters or hiding impersonating app icons in a different locale. In 2017, Google took down more than a quarter of a million of impersonating apps.

Read also: Android security: Sneaky three-stage malware found in Google Play store

INAPPROPRIATE CONTENT

Google doesn't allow apps that contain or promote inappropriate content, such as pornography, extreme violence, hate, and illegal activities. The improved machine-learning models sift through massive amounts of incoming app submissions and flag them for potential violations. This helps the human reviewers in effectively detecting and enforcing on the problematic apps. Tens of thousands of apps with inappropriate content were taken down last year as a result of such improved detection methods.

Read also: BankBot Android malware sneaks into the Google Play Store - for the third time

POTENTIALLY HARMFUL APPLICATIONS (PHAS)

PHAs are a type of malware that can harm people or their devices -- e.g., apps that conduct SMS fraud, act as trojans, or phishing user's information. While small in volume, PHAs pose a threat to Android users and Google invested heavily in keeping them out of the Play Store. Finding these bad apps is non-trivial as the malicious developers go the extra mile to make their app look as legitimate as possible. With the launch of Google Play Protect in 2017, Google reduced the rate of PHA installs by an order of magnitude compared to 2016.

Google Play Protect took several security measures that were already present in Android and improved them. These are malware scanning, application monitoring for rogue behavior, the ability to remotely locate, lock, and optionally wipe your device, and warnings about dodgy sites, which try to feed you malware or trick you out of personal information.

When it fails, and it will fail sometimes, Google's director of Android security, Adrian Ludwig, explained to ComputerWorld's J.R. Raphael: "The challenge that all detection technology runs into, inclusive of Google Play Protect, is when we see a completely new family coming from a different environment -- especially if [the apps] are on the borderline of behavior that might be considered to be potentially harmful and not quite potentially harmful." For example, no one's been able to use the Meltdown and Spectre security holes in malware... yet. When it does happen, these attacks will be hard to detect.

Still, Google's Play Store protection isn't perfect. "Despite the new and enhanced detection capabilities that led to a record-high takedowns of bad apps and malicious developers, we know a few still manage to evade and trick our layers of defense. We take these extremely seriously, and will continue to innovate our capabilities to better detect and protect against abusive apps and the malicious actors behind them. We are committed to make Google Play the most trusted and safe app store in the world," Kleidermacher and Ahn wrote.

So, is Android perfectly secure from malicious programs? Heck no! The battle against malware is never-ending and bad programs will make it through sometimes. But, Google is trying its best to make Android and its applications as safe as possible.

RELATED STORIES

• The 10 best ways to secure your Android phone
• Android security alert: Google's latest bulletin warns of 47 bugs, 10 critical
• Android security: Sneaky three-stage malware found in Google Play store

Read more »

Android security: This newly discovered snooping tool has remarkable spying abilities

A newly-uncovered form of Android spyware is one of the most advanced targeted surveillance tools ever seen on mobile devices, coming equipped with spying features never previously seen active in the wild.

Named Skygofree by researchers because the word was used in one of its domains, the multistage malware is designed for surveillance and puts the device in full remote control of the attackers, enabling them to perform advanced attacks including location-based sound recording, stealing communications including WhatsApp messages, and connecting to compromised networks controlled by the malware operators.

Researchers at Kaspersky Lab say those behind spyware have been active since 2014 and are targeting select individuals -- all in Italy. Those behind the mobile surveillance tool are also thought to be based in Italy.

"Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions," said Alexey Firsh, malware analyst in targeted attacks research at Kaspersky Lab.

The malware was uncovered during a review of suspicious file feeds, with its capabilities uncovered after analysing the code.

Researchers say Skygofree has some of the most advanced features ever seen in mobile malware.

Image: iStock

Still thought to be receiving updates from its authors, Skygofree offers attackers 48 different commands, allowing them flexibility to access almost all services and information on the infected device.

That includes the ability to secretly to use the device's microphone eavesdrop on the user and their surroundings when they enter a specified location -- a surveillance feature which has never previously been seen in the wild.

Other previously unseen features bundled with Skygofree are the ability to use Accessibility Services to steal WhatsApp messages of victims and an ability to connect an infected device to wi-fi networks controlled by the attackers.

The malware is also equipped with all the features and root access privileges usually associated with trojan spyware, including capturing photos and videos, seizing call records and text messages, as well as monitoring the user's location via GPS, their calendar, and any information stored on the device.

If the user has chosen to run battery-saving measures, Skygofree is able to add itself to the list of 'protected apps' in order to ensure it can carry on its malicious activity, even when the screen is off or the phone isn't active.

It remains unclear if those targeted by Skygofree have anything in common outside of being based in Italy, but research suggests that those infected with the Android malware have been compromised after visiting fake websites which mimic those of leading mobile operators.

While researchers still don't know how the victims are lured onto these malicious sites, once there, they're asked to update or configure their device configuration, allowing the malware to be dropped in the process.

Most attacks appear to have taken place in 2015, but there's evidence that Skygofree is still active with evidence of attacks as recently as 31 October 2017. The attackers have gone out of their way to ensure that Skygofree remained under the radar without being detected.

"High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion," said Firsh.

In addition to actively infecting Android devices, the attackers also appear to have an interest in Windows systems: researchers uncovered recently-developed modules to target the platform.

However, given the treasure trove of information a mobile device can provide to attackers, it's no surprise that those behind Skygofree put their main focus on Android -- especially given the chance it offers to track a user's movement and therefore activate attacks based on location.

"Mobile spyware is becoming more effective than PC variants, because victims keep their mobile phone close by them at all times, and such implants can exfiltrate a large amount of sensitive information," Vicente Diaz, deputy head of the global research and analysis team at Kaspersky Lab, told ZDNet. "Some of the never before seen-in-the-wild features of Skygofree are remarkable in their capability."

In order to protect against falling for these sorts of targeted cyber-attacks, mobile users are encouraged to use a security tool to help protect their device and to exercise caution when they receive emails from people or organisations they don't know, or with unexpected requests or attachments.

via Zdnet

Read more »

Fake Google Play Security Apps Harvest User Info

Check Point said that LightsOut could override user settings to disable the ads, and some users still saw the ads even after they paid for a supposedly ad-free version of the infected app.

Fortunately, Google removed the malicious apps as soon as it was informed by Trend Micro. These apps have become ubiquitous with Android and if you're looking for ...

Overcoming this situation is not easy - home users need to have a certain level of assurance before installing anything on any of their devices and not all independent review sites are completely honest these days either.

Covington said there appears to be no sign of a slowdown of mobile malware, which has a 100 percent increase year after year. For instance, an app that was in the top ten apps previous week will not be seen in the top ten this week. According to Padon, malware downloads on Google Play more than doubled between 2016 and 2017, and he encourages consumers to download security software for their devices.

Google booted a number of apps from its online store that fooled people into believing they were helpful services, like flashlights and call recording apps, while spreading malware.

A report says hundreds of Android games are quietly tracking users' TV habits by turning on the microphone.

Cybersecurity company Check Point Software revealed the findings on Friday after discovering the fraudulent apps in November and notifying Google (goog), which promptly removed the software from the Google Play store, said Check Point security researcher Daniel Padon.

The malware, dubbed "LightsOut", was hidden in 22 different apps to secretly generate ad revenue for its developers by constantly bombarding users with pop-up ads that forced a person to click them before they could continue using the device.

In what could be among the most intelligently-designed malicious apps, as many as 36 such apps on the Google Play Store were found harvesting sensitive user data, sending them to remote servers and aggressively pushing advertisements to user devices as part of a click fraud campaign, while performing the usual functions expected from mobile security apps. Do a quick Internet search about the developer as well as the app name to ensure they are safe to use.

Read more »

Mobile Security—How Secure Are Your Mobile Devices, Actually?

Derlusca / Pixabay

Whether it’s searching embarrassing symptoms or letting curiosity win and checking out the latest photo leak, we all get up to some questionable things online from time to time—things we wouldn’t want our boss or maybe even friends to know. We aren’t ones to judge, but if you think that in this day-in-age you’re just as safe (or safer) doing all that on your smartphone as your PC, you might want to reconsider.

For example, a recent study examining 10,000 mobile devices in the UK and the US, showed that 40 of the 50 top porn sites were susceptible to software that may harm your phone badly. Another security report issued by Nokia in March 2017, revealed a new all-time high in mobile device infection rates—a stunning 400 percent increase over last year!

Spyware that exposes your text messages, contact lists, GPS coordinates and other data that you’d rather kept to yourself, hits both Android and iOS-run devices. Yet another sort of malicious software threatening your mobile security is the one that may brick your phone dead until you pay the ransom—just like the nefarious WannaCry which compromised a boatload of PCs earlier this year. This kind of threat is getting more intense because you no longer have to be a skilled cyber-criminal to create malware—yep, they have an app for that, too!

Don’t be naïve though—mobile malware isn’t some sudden retaliation for watching porn or clicking ridiculous content advertisements. Most of the time you are installing it yourself along with your apps (or even in fake system updates, like this one)!

What Google Says About Mobile Security Risk

According to Android Security Chief, less than 0.001 percent of Android apps ’cause harm and evade runtime defenses’. So, does this mean Android is practically invincible? Not quite. First of all, these numbers are based on Google’s (the Android’s creator, ICYDK) data solely. Google can only obtain such information from the “Verify App” feature. If you don’t use it, you’re not included in these statistics—so that percentage is woefully misleading Plus, we also must consider that Google doesn’t provide information on how many apps in the store appeared to be infected to the independent researchers. We just have to take the company’s word for it.

They Can’t Bite Into your Apple. Or Can They?

OK, so Android safety is doubtful, but what about iOS? We’ve all heard that all things Mac are virus-proof, but is your iPhone under lock and key? Apple fans’ first argument would be that iOS, unlike Android, is a closed system. One may assume quite another reason, though. What makes the iOS devices safer than the ones that run Android is quite obvious: a market share. Out of the total amount of mobile devices, 85% are Android-powered and only 14,7% run iOS. Which means, 85% of hackers’ efforts are precisely focused on Android, whereas iOS luckily picks up the scraps. iPhones are not without chinks in the armor, however. Here’s a 25-page long list of iPhone’s vulnerabilities.

Shared Insecurity

One good thing about the smartphone exploiters is that they believe we’re all equal—whether you boast a new iPhone or use a humble Android-run smartie, you have one thing in common: your phone can be compromised. So let’s zero in on how the bad (and also good) guys run shady operations through your devices without you having a clue.

Fake apps. Yep, not only are the news fake nowadays. Half of the top-50 apps in Google Play have evil twins, the Economist says. Hackers mimic popular applications, tweaking their names a bit (like, “MyGoogleTranslate” instead of “Google Translate”) to lure you into installing them. Then they steal your data or even mine cryptocurrency with your phone! Now, as Black Friday and X-mas madness are coming, we may also see the rise of the fake shopping apps that steal your credit card numbers. Apple’s App Store survived an infestation with hundreds of them the last year!

Malvertising. This summer, the conspiracy theories-themed site visitors (instant tip: Don’t be one!) got their Android-run phones infested with an unremovable app showing annoying ads. The app’s installation was triggered by clicking on fake ads posted on the abovementioned site. An even more curious event befell iPhone users. A fake advert posing as an iOS update tricked users into . . . physically destroying their phones! (The story in a nutshell: The hoax ad promised to make your iPhone waterproof.)

Sometimes, though, even the good guys can do you bad!

Sensitive info stealing. Even totally legitimate Android and iOS apps may sell your private data. Actually, here’s an article claiming that 7 out of 10 apps do it. This applies in particular to health apps, because your health info is a treasure (for insurance companies among others).

GPS tracking. This summer, iPhone users freaked out after finding that a popular iOS app was selling their location data to the third parties. It’s especially ironic, taking into account that some two years earlier Apple’s Tim Cook roasted Google for selling users’ GPS info to advertisers!
Read more at http://www.business2community.com/mobile-apps/mobile-security-secure-mobile-devices-actually-01943538#G9fFqJ7BU6KS3VWu.99

So you understand the risk. Now, let’s look at some popular mobile security facts and tips.

Mobile Security FAQ

Can I be totally safe by switching from smartphone to an old push-button cell phone?

Well, it’s definitely much safer to use an old “dumb” flip-phone without an internet connection. But it’s not totally safe. Even those old “candy-bars” have code in them—and any code can be broken into.

What is the most advanced way to protect my smartphone?

One of the recent hypes in the tech world is biometric security. Applied to smartphones, this means user authentication by fingerprint, face, or even by cardiogram. It can be used to unlock your phone and authorize payments. Biometric security is extremely hard to hack; however, it has its pros and cons.

Does installing only the paid apps guarantee 100% security?
It’s definitely safer to install paid VPNs and anti-viruses. On the other hand, it’s not a rule of thumb. While there are trusted and totally free apps like StopAd (Microsoft certified), there are some hidden catches in many paid applications as well.

How to Really Protect Your Mobile Security

So what can you do in order to ensure full mobile safety? Locking your devices in the microwave and putting a tin-foil hat on are the only ways to be totally secure. There are less radical ways though.

• We hate to break it to you, but you better stop browsing adult sites on your phone.
• Install apps only from authorised markets and credible developers.
• Update your operating system regularly to make sure all the flaws are patched.
• Do not root your phone.
• Remove any apps you’re not using. Every app is a potential problem—the fewer you have, the safer you’ll be.
• Next time you’re about to click “install”, be sure to think twice. Consider what exactly does that application require permission for? Your mic, camera, media files, bank account, etc.? In other words, don’t be a dupe—the human factor is the main vulnerability exploited against you both in PC and mobile realm (as well as IRL, BTW.)
• Read the terms of use for goodness sake! At least jump around in the text searching for the words like “third parties”, “data”, “behavior” and the like to make sure you aren’t willingly allowing the app to sell your sensitive info.
• To avoid being tracked, iPhone users may disable the “Find My iPhone” function (this way it isn’t possible to track your device—even if it’s stolen). Users may also enable apps using GPS only when they’re active (you can do this in the apps’ settings).

Last but not least, security is an integral part of comfort. StopAd’s Android version has most everything StopAd desktop boasts—it blocks all the ads on your device. If you use an iOS-run device, you may want get started and try StopAd for Safari.

Read more at http://www.business2community.com/mobile-apps/mobile-security-secure-mobile-devices-actually-01943538#G9fFqJ7BU6KS3VWu.99

Read more »

Xafecopy Trojan Will Steal Money From Your Mobile, protect your phone now!

Xafecopy Torjan is a new malware reported by cyber security firm, Kaspersky. As per the report, a new Malware is hitting the technology world which is stealing money from your smartphone. Xafecopy Trojan malware is spreading slowly over the world starting from India. As per the report, over 40% of malware target was found in India. Since, India is becoming more advance with technology, people are more into digital payment services. For that reason, hackers are moving on to this country.

As per the official report by Kaspersky, “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge.”

This new malware runs secretly on your device and steal data from your device. The trojan puts and runs its secret codes to your phone without your knowledge and this way it fetches the information from your device. This trojan runs normally on the device and hence no one will understand what’s actually going on inside your mobile phone. You will not be able to see any such codes with bare eyes.

This code runs and activate through various applications which most of the Android and iOS users are using. Applications like BatteryMaster, ES File Explorer and all the other apps which contains advertises runs these malicious codes. Once the app is activated, the codes will itself starts working on your mobile phone.

This malware clicks different webpages on your mobile phone through Wireless Application Protocol billing. After filling up the form, the code silently subscribes you to various services. This process works super smoothly without any registration or sign up process. You don’t have to put the credit card or debit card details into the forms still it will subscribe for various services without your permission and knowledge.

As we all know, most of the services have captcha codes for the final confirmation of your action. But this malware replaces the captcha code with normal texts and this way it can easily get confirmation and bypass the entire procedure itself. Captcha codes are there to fill the forms and confirmation manually so no robots or autobots can harm your information. But this malware is something to hit the right bone of all the users.

Furthermore, the report says, “Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico.”

Kaspersky Lab Senior Malware Analyst Roman Unuchek said, “Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money.”

In order to prevent yourself from such unwanted and harmful malware attacks to stop them stealing your money, make sure you have a proper security set in your Android device. Stop downloading and installing unwanted third party applications as hackers and attackers are trying to spread this virus or we can say malware with the help of such third party applications which are not permitted by Google. If you are using an Android smartphone, it is better for you to protect your smartphone with Google Play Protect which is a free security service available on all the Android smartphone. The security app has over 1 Billion active users as per the reports.

As a security advice, “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.”

via techbulletin

Read more »

500 Android apps blocked from Play Store due to malware

Through the use of an advertising software development kit contained in 500 apps on the Google Play Store, cybercriminals were able to spy on users and even infect their mobile devices with malware. 

That's according to security firm Lookout , which discovered that the Android apps in question all had the lgexin ad SDK built into them which gave unauthorised third parties access to user devices.  The apps themselves also managed to be downloaded over 100 million times from the Google Play Store as many of them fell into popular categories such as weather, health and fitness, travel and games. 

However, the app developers were likely not responsible for the malware added by the cybercriminals and this is not the first time that hackers have used an SDK to deliver a malicious payload.    

Lookout researchers offered further details on why the developers were likely unaware that their apps contained malware at all, saying: 

“It is likely many app developers were not aware of the personal information that could be exfiltrated from their customers' devices as a result of embedding Igexin's ad SDK. It required  deep analysis of the apps' and ad SDK's behavior by our researchers to make this discovery. Not only is the functionality not immediately obvious, it could be altered at any time on the remote server.” 

In an attempt to prevent apps from being able to deliver malware to mobile devices, Google recently introduced Google Play Protect which will be built into the latest version of its mobile OS, Android O. 

Lookout has informed Google of its discover and all of the affected apps have now been removed from the Play Store. 

Image Credit: Andriano.cz / Shutterstock via itproportal

Read more »